Attributing the DNC Hacks to Russia

President Barack Obama's public accusation of Russia as the source of the hacks in the US presidential election and the leaking of sensitive e-mails through WikiLeaks and other sources has opened up a debate on what constitutes sufficient evidence to attribute an attack in cyberspace. The answer is both complicated and inherently tied up in political considerations.

The administration is balancing political considerations and the inherent secrecy of electronic espionage with the need to justify its actions to the public. These issues will continue to plague us as more international conflict plays out in cyberspace.

It's true that it's easy for an attacker to hide who he is in cyberspace. We are unable to identify particular pieces of hardware and software around the world positively. We can't verify the identity of someone sitting in front of a keyboard through computer data alone. Internet data packets don't come with return addresses, and it's easy for attackers to disguise their origins. For decades, hackers have used techniques such as jump hosts, VPNs, Tor and open relays to obscure their origin, and in many cases they work. I'm sure that many national intelligence agencies route their attacks through China, simply because everyone knows lots of attacks come from China.

On the other hand, there are techniques that can identify attackers with varying degrees of precision. It's rarely just one thing, and you'll often hear the term "constellation of evidence" to describe how a particular attacker is identified. It's analogous to traditional detective work. Investigators collect clues and piece them together with known mode of operations. They look for elements that resemble other attacks and elements that are anomalies. The clues might involve ones and zeros, but the techniques go back to Sir Arthur Conan Doyle.

The University of Toronto-based organization Citizen Lab routinely attributes attacks against the computers of activists and dissidents to particular Third World governments. It took months to identify China as the source of the 2012 attacks against the New York Times. While it was uncontroversial to say that Russia was the source of a cyberattack against Estonia in 2007, no one knew if those attacks were authorized by the Russian government -- until the attackers explained themselves. And it was the Internet security company CrowdStrike, which first attributed the attacks against the Democratic National Committee to Russian intelligence agencies in June, based on multiple pieces of evidence gathered from its forensic investigation.

Attribution is easier if you are monitoring broad swaths of the Internet. This gives the National Security Agency a singular advantage in the attribution game. The problem, of course, is that the NSA doesn't want to publish what it knows.

Regardless of what the government knows and how it knows it, the decision of whether to make attribution evidence public is another matter. When Sony was attacked, many security experts -- myself included­ -- were skeptical of both the government's attribution claims and the flimsy evidence associated with it. I only became convinced when the New York Times ran a story about the government's attribution, which talked about both secret evidence inside the NSA and human intelligence assets inside North Korea. In contrast, when the Office of Personnel Management was breached in 2015, the US government decided not to accuse China publicly, either because it didn't want to escalate the political situation or because it didn't want to reveal any secret evidence.

The Obama administration has been more public about its evidence in the DNC case, but it has not been entirely public.

It's one thing for the government to know who attacked it. It's quite another for it to convince the public who attacked it. As attribution increasingly relies on secret evidence­ -- as it did with North Korea's attack of Sony in 2014 and almost certainly does regarding Russia and the previous election -- ­the government is going to have to face the choice of making previously secret evidence public and burning sources and methods, or keeping it secret and facing perfectly reasonable skepticism.

If the government is going to take public action against a cyberattack, it needs to make its evidence public. But releasing secret evidence might get people killed, and it would make any future confidentiality assurances we make to human sources completely non-credible. This problem isn't going away; secrecy helps the intelligence community, but it wounds our democracy.

The constellation of evidence attributing the attacks against the DNC, and subsequent release of information, is comprehensive. It's possible that there was more than one attack. It's possible that someone not associated with Russia leaked the information to WikiLeaks, although we have no idea where that someone else would have obtained the information. We know that the Russian actors who hacked the DNC­ -- both the FSB, Russia's principal security agency, and the GRU, Russia's military intelligence unit -- ­are also attacking other political networks around the world.

In the end, though, attribution comes down to whom you believe. When Citizen Lab writes a report outlining how a United Arab Emirates human rights defender was targeted with a cyberattack, we have no trouble believing that it was the UAE government. When Google identifies China as the source of attacks against Gmail users, we believe it just as easily.

Obama decided not to make the accusation public before the election so as not to be seen as influencing the election. Now, afterward, there are political implications in accepting that Russia hacked the DNC in an attempt to influence the US presidential election. But no amount of evidence can convince the unconvinceable.

The most important thing we can do right now is deter any country from trying this sort of thing in the future, and the political nature of the issue makes that harder. Right now, we've told the world that others can get away with manipulating our election process as long as they can keep their efforts secret until after one side wins. Obama has promised both secret retaliations and public ones. We need to hope they're enough.

This essay previously appeared on CNN.com.

EDITED TO ADD: The ODNI released a declassified report on the Russian attacks. Here's a New York Times article on the report.

And last week there were Senate hearings on this issue.

EDITED TO ADD: A Washington Post article talks about some of the intelligence behind the assessment.

EDITED TO ADD (1/10): The UK connection.

Posted on January 9, 2017 at 5:53 AM • 246 Comments

Comments

Ron HelwigJanuary 9, 2017 6:21 AM

What I really want to know is did the Russians (or whoever did this) do anything other than expose the bad things that the democrats did. I mean, would we really care so much if it was Woodward & Bernstein that did this? Was there a crime they committed other than breaking into some computers to copy data that voters should have been made aware of anyway?

And why would we want to deter other countries from doing this? Doesn't this help us when our own news industry has failed to expose this? Doesn't more knowledge help us decide how to run our democratic republic?

Max PolkJanuary 9, 2017 6:27 AM

Another lesson learned is to not assume uniformity of function within the agency. The presidential appountees who are the face of the FBI and CIA do not reflect the assertions of the non-appointed workers who earned their right to work there, so we also have to trust an additional layer filtering the data beneath it. FBI workers were reported to be very frustrated with Comey, for example. One person acting as this layer easily subverts the integrity of the entire agency of admirable professionals.

cphinxJanuary 9, 2017 6:31 AM

I'm still not sure how to feel about all of this. The hacking and espionage is one thing... because we all know that in some way, shape, or form, that is and has always been going on.

I suppose the only thing we can do at this point with such a partisan topic is decide for ourselves what we believe to be spin and what we believe to be [most] accurate.

Sancho_PJanuary 9, 2017 6:34 AM

Sadly they accuse others for their own incompetence.
It’s not that security breaches are brand new.

To hide immoral activity one should not use plain text email.

Fix privacy and gain security.

AnonJanuary 9, 2017 7:07 AM

If that 'declassified report' was dumbed down any further it'd be written in crayon.

Dan HJanuary 9, 2017 7:09 AM

Hillary had her password emailed to her by Huma in plain text, and it is almost without a doubt her email server was hacked. Podesta used "password" as his password.

Is there any wonder how or why Podesta, the DNC, and the Clinton Foundation were hacked?

Also, how come they are still uncertain of who hacked Yahoo?

JonathanJanuary 9, 2017 7:20 AM

First of all, I disagree that the hacks revealed "bad things the Democrats did". Obviously, everyone approaches this issue with their pre-existing biases and beliefs, but looking at what was actually released, it was overwhelmingly simply embarrassing stuff -- the kind of stuff we all have in our email.

The problem is, one-sided release of stolen, private information is *inherently* propagandistic, which was the point. That's why Russia did this, and it's why they've done it both to internal journalists and activists who oppose Putin and to countries around the world, in an effort to weaken NATO and other democratic countries.

Added to this, though, WikiLeaks, DCLeaks, and outright Russian propaganda outlets like RT all distorted the stolen material to smear democrats with false accusations ("spirit cooking" and the DC Pizzaria come to mind). They did this repeatedly, and it became clear that the "leaks" organizations pushing the material were *not* acting like information freedom activists, but rather one-sided political smear groups.

Self-serving rationalizations simply obscure the fact that an authoritarian regime attempted to interfere directly in our elections. No one -- and I mean *no one* -- remotely familiar with the Putin regime would be under any illusions that he's doing this out of the goodness of his heart. He's a brutal dictator, which alone should give anyone pause.

Anyone who tries to gloss that over by saying "it's the material that matters, not how it was obtained or released, or by whom" has an agenda besides the good of the U.S. in mind.

JeffJanuary 9, 2017 7:20 AM

Ron Helwig....I guess we'll never be able to answer your question since the effectiveness of the manipulation gets its power from having asymmetric effects on the two parties.

First off, presume that politics by nature is dirty and that only the naive thinks its a battle of good versus evil.

Then remember that the intelligence community asserted in December that they had evidence that both the DNC and RNC were hacked.

Yet only revelations damaging to the DNC came were laundered and released. Why?

It ain't hard. If I were reading everyone's mail and I wanted to use it maximum effect, I'd release the half that makes sure I influenced who got in power and then I'd use use the rest to make sure my choice represented my interests.

The shrill and evidence-free nature of the denials from Republicans about their information security is hardly reassuring.

Nor is the obvious soft spot our new president-elect shows given his bellicose nature to nearly everyone else.

Theoredically...January 9, 2017 7:21 AM

I have a tool that identifies hack, I explain it, next time the attack comes, it will be resistant to that tool, should I wait for a bigger attack, or is this the time to use my (Right Now)secret tool in public?

JonathanJanuary 9, 2017 7:23 AM

Dan,
You're pushing false information. For proof, try to set up a GMail account with "password" as your password. I'll wait.

Julian Assange pushed this claim, and Fox picked it up. Neither were being truthful or bothered to do any research before saying it.

MatthiasJanuary 9, 2017 7:23 AM

It is a question of trust or mistrust. In my country we have a saying “once lied we never trust you again”. And that is the main point in the discussion. Most of us would love to trust the government but the past has proven that politicians and secret agencies can’t be trusted. And that is regardless of the country. Trust need to be deserved. And spoiled trust can hardly regained with unprovable information.

BTW: For me this was also one of the reasons why Mr. T. won the election. He was trusted more by telling bad things as Mrs. C. was not trusted for all her nice words.

Dennis McDonaldJanuary 9, 2017 7:37 AM

Those who continue to demand more "proof" of Russia's efforts should also be asking why Trump appears to be so supportive of Putin and Russia's efforts to influence the election.

TeddyBearJanuary 9, 2017 7:41 AM

A lot of speculation and zero facts/strong evidences in this debate.
Scientifically speaking all the accusations are baseless conjectures and a constellation of clues can't be considered as solid scientific proof.
On the other hand, the increasing level of political propaganda contaminating non-technical people as well as professionals is an indisputable fact.

BrianJanuary 9, 2017 7:57 AM

@Ron Helwig, I think we would care a great deal if Woodward and Bernstein did this. When the Watergate break-in happened, Woodward and Bernstein investigated who was responsible for it---they didn't say, "Ooh, I wonder if the burglars found anything newsworthy!"

Out of everything released from the DNC and Podesta breeches, there was not (as far as I know) any revelation of illegal activity. There was evidence that Donna Brazille violated her contract with CNN---which, it's worth mentioning, she claims was a fraudulent email mixed in with authentic ones. There's evidence of unfairness at the DNC, and possibly violating some internal rules---but they're a private entity and no laws were broken (so far as I know).

Some of the stuff to come out of the DNC emails was relatively harmless, but included jargon that sounded ominous to people who wanted to hear something ominous. Talking about "fixing polls" for example, which has a meaning in internal campaign discussions that's not the same as "rigging the polls reported to the public," which is what it sounds like to outsiders. Ultimately that kind of thing might not be consequential, but an afternoon spent explaining "no that's not what we meant" is an afternoon not spent on other tasks.

But more seriously, the data release also included things like congressional candidates' internal strategy documents and opposition research. In at least one case, that information was leaked directly to a conservative political blogger, not WikiLeaks. (The NYT recently published a story about the down-ballot side of the hacking: http://nytimes.com/2016/12/13/us/politics/house-democrats-hacking-dccc.html)

That's not exposing wrongdoing to the world, and it's not copying data that voters should have known anyway. That's selectively targeting candidates, stealing data from them, and giving it to their political opponents.

So, yeah, I think that's kind of serious and worrying. Reporters make editorial choices about what stories are worth telling, and have an area of expertise to put the stories in context. That might mean we miss out on important information, sure. But selectively releasing internal documents of one party in pursuit of an unknown motive is surely worse than flawed media gatekeepers.

Anna MarkonovaJanuary 9, 2017 7:59 AM

Mr Schneier, cybersecurity experts must learn much more about international relations (especially the ones between US ans Russia), foreign policy analysts must learn much more about cybersecurity, and both must learn much more about media landscape, influence and infowars. Your analysis is very wise (as usual) but you keep on missing the big picture and the point(s).

some dudeJanuary 9, 2017 8:54 AM

If I leave my windows open at night because it is hot and I want to feel the breeze.. and then a thief comes in through said window, is that not a crime? Foolish of me to leave a window open (sarcasm). A crime is a crime. Intent matters.

EricJanuary 9, 2017 9:08 AM

Bruce, would you have come to the same conclusions and written the same article if the political parties were reversed in this situation and it had occurred at the end of a Trump presidency?

BillyJanuary 9, 2017 9:09 AM

@jonathan
You might want to check facts yourself before accusing other people of pushing false information. The Wikileaks document clearly shows that Podesta's password was spelled "p@ssw0rd" which is a legitimate password on Gmail. The link to the document is here: https://wikileaks.org/podesta-emails/emailid/22335

I would trust Julian Assange to tell the truth over any politician any day. Assange has said repeatedly that it was not Russia nor any state actor from whom they received the leaked documents. It was far more likely a disaffected insider wtihin the DNC, though Wikileaks protect their sources, so we'll probably never know.

Yousef SyedJanuary 9, 2017 9:30 AM

The US and other western governments have been influencing elections in foreign nations, across the globe, for decades!
Including the outright toppling of government, subversion of the election results and support of despotic regimes from Central/South America, Western Europe, Eastern Europe, Middle-East, Africa, Central Asia, South East Asia...

Now the Russians (and possibly the Chinese) are playing the same game against them, the US is crying "foul!"?! A bit rich, to say the least...

Russians were Disgusted With ClintonJanuary 9, 2017 9:33 AM

When Clinton was Secretary of State her senior State Department Official for Europe was recorded by the Russians cursing like a drunken sailor at our own allies!
Disgusted Russian Intelligence went public and sent a clear message they were not satisfied with such American incompetence.
Did the Obama administration learn and change its security policies? (not at all)

Virtually all of America’s adversaries knew every move and communication Secretary Clinton made. They knew years ago just how incompetent Americans had become. General Colin Powell SHOULD have told Clinton ‘not to use personal communication devices whatsoever and follow security procedures’. Instead he told a clueless Clinton to be very careful.

Did the NSA let Clapper know it turned down Clinton request for a secure phone?
Did the NSA know Clinton had her own personal server? The CIA?
The Director of National Intelligence was created to prevent such intelligence breakdowns but it too failed with Secretary of State Clinton. Obviously his Office is too political.

Ultimately the gross security violation buck stops with President Obama. He and ‘yes man’ Clapper allowed this to fester like an infected wound. Did Google Chairman Eric Schmidt tell (during his hundreds of White House visits) the President and Clinton just how dangerous cell phones are?

Did Obama loose the election because our adversaries were utterly disgusted at his administrations lack of professionalism? Do they have the ‘right’ to expect a better opponent and not ‘suffer’ through eight more years? Did they feel compelled to share their disgust? Did they have a right to celebrate?

In contrast what does President Trump think of big-data cell phones?

keinerJanuary 9, 2017 9:48 AM

Hmmm, who lied to the UN about WMD in Iraq? Not completely new, this post-factual thingy, huh?

And now you have elected a guy with the brain of a fat 7-year old bully at the schoolyard who can only defend himself and his insane behavior by ad-hominem abuses against grown-up people criticizing him in completely reasonable manner.

Joker_vDJanuary 9, 2017 9:57 AM

"Pro-Kremlin proxy Vladimir Zhirinovskiy, leader of the nationalist Liberal Democratic Party of Russia, proclaimed just before the election that if President-elect Trump won, Russia would “drink champagne” in anticipation of being able to advance its positions on Syria and Ukraine."

That's actually presented as one of "Russian Propaganda Efforts".

Apparently, twits, screenshots of RT footage, and other data from assorted social networks are enough of evidence; to make this report you don't have to be an intel officer, this piece of writing could be thrown together in an afternoon of googling.

"We also have another, actual proofs, but they're so secret that we won't show them to you. But they're definite and completely genuine, like all other proofs we had in previous 15 years".

AndrewJanuary 9, 2017 10:12 AM

I think there is something missing in the declassified report. The reason that made Russians go that far is none of those enumerated there. Russians won't tell it either but they are right, the big picture is still missing.
Actually, Putin and Russian analysts were afraid that under Clinton things will escalate to war. It's that easy and most likely true. And not only them but a good part of the rest of the world aware of Clinton statements, political context and troops occupation of relocation in Eastern Europe.

PatrickJanuary 9, 2017 10:29 AM

Follow the money. Trump is very, very pro-oil/unclean energy. What is Russia's biggest economic output? No wonder Putin wants Trump in office.

patmcclungJanuary 9, 2017 10:40 AM

Truly Mr. Schneier's blog and comments are a place for demeanor, but it all comes down to the fact that the DNI memorandum and all other accusations that "the Russians affected the US elections", these accusations in and of themselves, regardless of their truthy or falsity, are an alarming threat to our liberties. These accusations are unsubstantiated. As in, ("I accuse you of killing my cat, but I can't place you around where she died, or any other substantiating evidence.") The fact is, as every source, every url every additional web related piece of information that I can find proves, and my own thought provokes, the enemy of the American people is the US Was Party headed by John McCain. Or at least, I respectfully suggest that this is the case.
We will see, after January 20, what these stuck pigs will next try to pull off.

Dirk PraetJanuary 9, 2017 10:59 AM

@ Bruce

But no amount of evidence can convince the unconvinceable.

It just depends on what your standards of irrefutable evidence are. Nobody's denying that there's definitely some very interesting clues pointing to Russian involvement here, but I'm all but convinced any of it would hold up in a court of law. On top of that, I don't believe a word of what either the CIA, the FBI or the ODNI are telling. They squandered our trust a long time ago with their "least untruthful" statements on pretty much everything.

But even if I were prepared to take a leap of faith that indeed the Kremlin was behind it, wouldn't it really have been a clear case of tit for tat? The US has been meddling in elections all over the planet for as long as I can remember. Even in Russia. Does anyone really believe that a half-wit career drunk like Boris Yeltsin could have become president without some serious help from Washington? Or that the gang of oligarchs and neo-nazis currently running Ukraine rose to power merely through a popular revolution neither the US or the EU had anything to do with?

I'm all for the principle that no country should undermine in any way the electoral process in any other country. But which goes for everyone, including the US, and the sheer amount of hysteria currently surrounding the DNC hack is, with respect, an almost absurd display of US hypocrisy at its finest.

MattJanuary 9, 2017 11:05 AM

Julian Assange has claimed the information he has came from a different source. Craig Murray, a former UK ambassador, claims to have been the courier of the information from DC to Wikileaks. That the leaks came from a disgruntled DNC source. Can anyone debunk this? Could it be that this happened and Russia hacked the DNC? Could it be that Russia is what provided the details to Craig. Or, who is lying?

There are angles to this not really being talked about that would help with reputation and trust.

I'm reminded that the FBI, during Obamas administration, tried to frame Assange via Iceland.

There is a lot going on here when it comes to trust.

dusterJanuary 9, 2017 11:16 AM

Look... if the DNC did something that Democrats don't like, then that's something for Democrats to deal with (not Republicans: they can worry about their own party). Political parties are organizations and can organize themselves however they damn like.

On the other hand, foreign entities hacking into political party computing systems looking for dirt to smear the disfavored candidate? Yeah, that's something that Republicans should worry about too. It should be a non-partisan issue, unless, of course, a certain party actually welcomed, encouraged, or solicited such a thing. In that case its something more serious.

It doesn't matter if all they found out was that Bill likes to wear Hillary's underwear (they didn't); foreign interference is not justified.

TatütataJanuary 9, 2017 11:20 AM

The future twit-in-chief tweeted :

"There was absolutely no effect on the outcome of the election including the fact that there was no tampering whatsoever with voting machines. There were attempts to hack the RNC..."

But his tiny little thumbs pounded out a few weeks ago:

"In addition to winning the Electoral College in a landslide, I won the popular vote if you deduct the millions of people who voted illegally."

So Donnie, will you make up your mind? [that is, provided you actually have a mind]. Was there some kind of fraud (technical or human) or none whatsoever?

How long will the school bully last?

To add on the subject: the Montreal ESET labs reversed engineered the attacks which targeted the DNC, the WADA and various foreign ministries around the world, and presented their results at 33C3 in a talk titled "Visiting the Bear Den".

Like their Hogtown colleagues they are loath to pin the hacks to a particular government, despite the repeated daft attempts during the Q&A.

Gerard van VoorenJanuary 9, 2017 11:32 AM

@ Ron Helwig,

What I really want to know is did the Russians (or whoever did this) do anything other than expose the bad things that the democrats did. I mean, would we really care so much if it was Woodward & Bernstein that did this?

What's going on is 1) distraction politics (and it works) and 2) framing (and that works as well).

That's it.

JasonJanuary 9, 2017 11:49 AM

@Andrew

> Putin and Russian analysts were afraid that under Clinton things will escalate to war

So are you saying that with Trump in power instead of Clinton, Russia would be less aggressive? or just that Russia reckons it will get away with it while facing Trump?


@Theoredically...

> should I wait for a bigger attack

... a bigger attack than the compromise of one of the foundational pillars of the country? After starting how many wars to spread democracy, now a suggestion that democratic integrity isn't a big deal?


@Ron Helwig

> Doesn't more knowledge help us decide how to run our democratic republic?

*cough* Trump tax records *cough*


@duster

> that's something that Republicans should worry about too

At the very least they should change all their passwords. They'd be fools to assume they haven't been hacked because only DNC stuff has been released.

ZJanuary 9, 2017 11:57 AM

Would American opinions of the DNC hacking and Russian involvement be any different, had they not turned up anything short of professional and presidential behavior?

I don't know the answer but I've pondered it quite a few times over the last couple months. The notion that we, as a country, want to elect the best candidate possible. To do this, we must analyze our options. Analysis requires research and research requires information. When we start to feel like other governments are aiding our research process better than our own government, that's when we feel conflicted.

So, yes, the US government can continue operating at its current level of opacity. And I'm sure they will retain the trust and security of their intelligence assets. But I expect this path, they are currently on, will only continue to erode trust and security domestically.

Clive RobinsonJanuary 9, 2017 12:10 PM

@ Bruce,

But no amount of evidence can convince the unconvinceable.

Two things to note, firstly the door swings both ways on that, and secondly it casts unfair levels of aspersions against people who for good or bad have different levels of credability or trust in both the political and judicial processes involved.

Others have noted the complete lack of trust in the US IC, MIC, MSM and the political processes that distinctly favore a very few at the considerable expense of the majority. Some go ad far as calling it revolving door corruption.

However ignoring that, the US justice system supposadly has levels of evidentiary acceptance.

For crimes especialy those that are capital or involve loss of liberty, the evidentiary standard is supposadly "Beyond Reasonable Doubt". In the past this ment what wr now call circumstantial evidence was not alowed to even be mentioned let alone considered. Even at quite low levels hearsay evidence was not alowed or had to be strongly qualified as expert evidence, backed by strong scientific argument.

For what many call civil cases circumstantial evidence has almost always been alowed as long as it did not bring a persons general standing down. That is a persons personal life (such as being a bed hopper etc) should not be used in unrelated action such as breach of contract, unless there was clear contributing factors. Whilst this has gone by the by these days the level of evidentiary burden is the 50/50 point of reasonable probability.

Often items of circumstantial evidence do not get even close to the 50% point on their own, they need to be seen not individually but collectively and this makes them dangerous due to the "Painting effect" where a lawyer with a smart mouth tries to produce a coherent story from disjoint and unconnected half truths. Thus they "Paint a picture" for the jury in ways that many would call "leading a child up the garden path".

Which brings us along to the "constellation of evidence" idea. Put simply this is not facts that get even close to being even remotely thought of as circumstantial. More often then not they fail any kind of mathmatical or scientific measure. Worse they are likewise unbalanced in that they are only cherry picked to make an argument, with all contrary information either ignored or quite deliberatly disregarded. To say they are unreliable at best is an understatement, they arise from cognative bias in unqualified investigators who are frequently trying to make hay for themselves. It's why we had China APT, now we have Russia Inside and no doubt we will get Iran Immersion or some other catchy name when the political wind shifts.

How about US Upside? there is sufficient evidence at a higher level than a "constellation of evidence" that suggests that the US do simillar if not worse than these other countries. This raises the issue of "fruit from the poisoned vine" because if the US can get into systems to gather evidence, they can also manipulate, change or down right fabricate evidence, as can other agencies, because it's all part of the "Great Game" what we now call the IC has been playing for centuries.

As anyone who has followed the "Yellow Cake" story or the "Iraq WMD" stories you will know that those who have MICE reasons to act as agents for another country are notoriously unreliable. They listen to questions from handlers, they read newspapers etc, and colour their view to match in order to not get burnt etc. Thus you need real boots on the ground to cross check and verify and even then such Intel is frequently guess work.

If we accept that all nations who can are playong the Great Game, we also have to accept the smoke and mirrors asspect of it. Part of this is "False Flag Operations", "Fund raisers" and "Turf Wars". Few people inside, let alone outside of the IC are up to understanding let alone seeing through this fog sufficiently to navigate the maze behind it.

Which means "Sherlock Holmes" type methodology whilst fine in theory is not going to happen. People do not have the time or the resources to eliminate the impossible, then go on to find that which might be the improbable truth. We know from experience it's going to be more like the very much earlier Occam's razor nothing more.

As we know and has be written about Occam's razor can not deduce the rules of snooker or bar pool even with all the equipment set up for the first go, or any other game great or not...

Finally it has been said that "Extrodinary claims, need extrodinary evidence" or if you prefere the level of evidence should be atleast match or exceed the level of the accusation to be believable, that's before you take into account the credability and abillities of the accuser...

Thus we have a mountain of accusation, but a hole in the ground evidence wise. Not exactly a level playing field for a game.

Ross SniderJanuary 9, 2017 12:28 PM

> "The most important thing we can do right now is deter any country from trying this sort of thing in the future, and the political nature of the issue makes that harder. Right now, we've told the world that others can get away with manipulating our election process as long as they can keep their efforts secret until after one side wins. Obama has promised both secret retaliations and public ones. We need to hope they're enough."

Bruce. Get out of your echo chamber.

Deterrence is important. Sure.

But if you want to avoid the security dilemma in the first place and you want to avoid strategic surprise: DEVELOP AND SIGN A CYBER TREATY.

Russia and China have one. The US and China have one.

It's about time Russia and China completed the triangle. The nice thing about treaties is: you can put whatever you can agree to in them - and Russia equally wants a Cyber Treaty given the manipulation, sabotage, espionage and political destabilization being performed by US cyber operations.

Your echo chamber is suggesting an unstable equilibrium, and you are repeating it dutifully.

Let's go for a win-win instead.

TatütataJanuary 9, 2017 12:45 PM

The nice thing about treaties is: you can put whatever you can agree to in them

Who was it who said "treaties are made to be broken"? Talleyrand ("A turd in silk stockings") or Hitler?

Ross SniderJanuary 9, 2017 12:54 PM

@Tatütata

I believe it was the American colonies, when speaking to Native Americans.

Jokes aside, serious commitment to treaty has an extremely good history - and even when broken raise the bar for the level of covertness and therefore cost of operations.

Then again, it appears that Washington has no want to have a treaty, as it seeks to continue its aggressive cyberattacks on Russia. When Washington thinks that it can "win" we aren't likely to find any terms for them in which they'd be willing to cease provocation.

MarkHJanuary 9, 2017 1:38 PM

The usual Great Satanists, defending the Kremlin again. Sigh ...

As to the notion of a cyber treaty, Russia has been smashing treaties to dust recently.

And now that the US will be ruled by a man with Putin's ethics but less intellect, who will feel confident in an American treaty?

Perhaps, the man who help to install the new US president?

Matt GismondiJanuary 9, 2017 1:44 PM

I've been dealing with this sort of thing for years now and it's cost me my job and pretty much... well... when you can't use a computer anymore because they make you paranoid and crazy, and you're a graphic designer, you're SOL. It started admittedly with a bit of panic, but most of this is true:

https://discussions.apple.com/thread/7095250?start=45&tstart=0

Anyway, I've got a bunch of computers and disks and all sorts of fun stuff if anyone out there wants to poke around and see. I can tell you what I know and what I've seen that it does... a lot of voodoo with the file system journals hiding things and hijacking audio streams to transmit data all over the place. Maybe. Either that or it's just designed to look like it so that you end up chasing red herrings all day. But it's a mess. And it stays out of the way as long as you don't ACTUALLY have to calibrate your monitor or work with fonts on any deeper level or set up color profiles and custom printer definitions. Those things tend to break it all.

Nine months of AppleCare and i finally decided that either they had been told I was a terrorist (which would explain why they were so hostile to me after they read the notes in the system) or maybe they were being forced to lie to me? Who knows. They wouldn't release any of the history to me of my conversations with them even though I went through 9 different case managers or techs or whatever they call them, and two of them mysteriously vanished.

"Yeah... it's not like him to just disappear like that. No one knows where he is..."

Doesn't help that I was working for KPMG at the time as a temp and probably had them chasing after me too. Imagine if the government had me locked in a remote VM setup using TFTP to download images... or something else unencrypted... and KPMG was relying on my secure home network for security... Or the other way around... What kinds of crazy messes could ensue! I have no idea. Well... actually I have lots of ideas.

Anyone needs a good novel plot please come see me.

Praise Jesus for keeping me alive through it all though... I think. We're kind of not talking at the moment. Mainly because of my own bad attitude as a result of dealing with this day after day after day after day after day....

Thank you so much for posting this though. I am so glad to know someone out there actually believes that this kind of thing is possible.

Slime Mold with MustardJanuary 9, 2017 1:44 PM

@Matt above makes a good point. Possibilities include:
1. The Russians hacked the DNC Podesta (for intel) AND an insider leaked to Craig Murray.
2. The DNC insider was a Russian agent.
3. Craig Murray lied to Assange (Russian agent?).
4. Murray and Assange are both lying.

I haven't read the declassified report. If it is anything like the 13 pages of mostly trash put out December 29th, I'll cry.
https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf

If the NSA has the goods, and its from programs we've already read about, they need to come forward with it. Pretending Edward Snowden never happened serves only to leave the IC printing iffy evidence.

I've read that Fancy Bear is available on hacker forums. Can anyone confirm that?

cphinxJanuary 9, 2017 1:57 PM

@Slime mold with Mustard

Fancy Bear should be on hacker forums... probably not in it's original/pure form.

BearJanuary 9, 2017 2:05 PM

I'd like to remind everyone of Bayesian inference. AKA, the laws of probability as applied to evidence in which you have limited confidence.

If you get enough pieces of low-confidence evidence that something is true, you can develop an extremely high confidence of that thing being true.

For example, Politifact (a source in which I have about 70% confidence) evaluates Donald Trump's statements as having a -7% correlation with truth. I accept this as meaning I can accept Donald Trump's statement of something as evidence that it is false with 4.9% confidence. 4.9% isn't much, but if enough different pieces of evidence all point in the same direction, I can develop an extremely high confidence that something is true.

Carrying the example forward, I already have several different pieces of evidence about Mr. Putin's ill intent; actions in Syria, Iran, and elsewhere have added up to about 90% confidence. Accepting Mr. Trump's statement that Putin is a "good guy" as evidence with 4.9% confidence, increases my confidence in the proposition to a bit less than 90.5%.

See how that works? Even though any particular piece of evidence may give only very small confidence, these pieces together eventually combine to give a confidence much greater than the confidence placed in any particular piece of evidence. This is what is meant by a "Constellation of evidence." It's a very real thing, and when someone says they've developed such a constellation it's simply an assertion that they've gathered the evidence and done the math.

Unfortunately, after the "weapons of mass distraction" and a few other debacles, my confidence in the intelligence agencies of the US stands at around 40% - down significantly from earlier estimates, on the basis of new evidence. So their statement of 90% confidence in something is accepted by me as positive evidence at around 36% confidence.

36% isn't much, but if you add it to enough evidence from other sources.....

de La BoetieJanuary 9, 2017 2:06 PM

Crikey! The source Bruce quoted as "constellation of evidence" says:

"It has always been the case that the evidence is weakest at point 6 and 8." - Point 8 being the release to Wikileaks.

But, isn't this the precise point?

It would be surprising if Russian, China, whoever, were NOT hacking whoever they could including the DNC - that's "responsible" or at least effective spying. It doesn't become interfering in the election until it's made public (point 8), and the evidence is weak.

I agree with the perfectly rational assessment that I'd not trust anything the politicians and the IC say, and I think this is a huge problem that needs to be addressed - the body politic has been harmed by self-inflicted wounds.

I'd also agree with points that linking a story with multiple dodgy points together to get the answer you want is the stuff of cheap novels and shouldn't be trusted to take action, or divert from the bigger picture which is the weakness of our defences and erosion of trust in our own institutions.

WP: Russia Hacking indictment of ObamaJanuary 9, 2017 2:15 PM

"...In other words, the WikiLeaks stories simply confirmed what Americans already knew: that Clinton was dishonest and corrupt.

Moreover, most of the stories that helped Americans reach those conclusions had nothing to do with Russia or WikiLeaks. It was the New York Times that broke the story that Clinton used a private server while she was secretary of state.

It was The Post that revealed the Clinton Foundation had accepted millions of dollars in donations from foreign governments while Clinton was secretary of state.

It was the Wall Street Journal that exposed the deal Clinton had cut with a Swiss bank to protect tax-dodging Americans while the bank gave $1.5 million in speaking fees to Bill Clinton and $600,000 to the Clinton Foundation. It was ABC News that revealed that the Clinton State Department gave special treatment to “FOBs” (friends of Bill) and “WJC VIPs” (William Jefferson Clinton VIPs) after the Haiti earthquake.

It was NBC News that reported that the FBI had discovered emails that appeared to be germane to the Clinton email scandal on a computer seized during an investigation of disgraced former congressman Anthony Weiner.

And it was FBI Director James B. Comey who told the American people that Clinton had been “extremely careless” and the “definition of negligent” in handling classified information.

Clinton can’t blame Russian President Vladimir Putin or WikiLeaks for any of that."

Solution
"Which is why it is so puzzling the Trump team keeps trying to call into question the ODNI report’s conclusions that Russia was behind the DNC hacking effort. Trump should embrace those conclusions instead. He should point out that the report is a searing indictment not of him, but of Obama, and that Russia’s actions are a direct result of Obama’s weakness on the world stage. That would be a much smarter approach than questioning the integrity of the intelligence community he will have to lead in less than two weeks.

And it has the added benefit of being true."

https://www.washingtonpost.com/opinions/the-russia-hacking-report-is-an-indictment-of-obama-not-trump/2017/01/09/e544b0d2-d684-11e6-b8b2-cb5164beba6b_story.html

Note: WP articles are noticeably improving; Amazon Jeff is listening (while Trump meets with China’s Jack Ma)

PeteJanuary 9, 2017 2:25 PM

I don't get all the importance of this.

A wordpress site was hacked. It was a private server. It wasn't a govt server with TS data on it.

Who cares? Really. Who cares?

This server isn't a hack against our republic. Millions of similar servers are hacked daily.

Having strong suspicions is NOT the same as having proof. The NDI has been lying so often the last 15 years that I just don't believe them without real, solid, PROOF.

Does any of this mean that Russian govt was NOT behind the hacking of this specific server? Nope. Does it matter? Not that I can tell. Was Russia happy the Ms. Clinton didn't win? Appears so. That's fine, about 50% of voters in the USA were happy about that too!

I haven't met anyone who didn't vote for Ms. Clinton who made that decision after May 2016. Personally, I knew I'd never vote for any Clinton, ever, in 1996. It didn't matter who the other candidates were. If they were born in the USA and over 35 yrs old, fine.

TatütataJanuary 9, 2017 2:33 PM

If you get enough pieces of low-confidence evidence that something is true, you can develop an extremely high confidence of that thing being true.

I remember reading about medieval law having weighted testimony rules with quarter, eighth, half or whatever proofs. The value attributed to each "proof" was determined by the character providing the testimony, e.g. a women's word was deemed to be worth less than a man's. If you accumulated enough "proofs" then you could hang the bloke. He could also have "confessed" under torture.

A far cry from the "Beyond a Reasonable Doubt" standard theoretically applied by modern criminal courts.

But then, courts attribute a lot more confidence to badge-wearers than civilians, and the use of torture is official policy. How much more advanced are we really?

And the nauseating freak show goes on...

albertJanuary 9, 2017 2:54 PM

@Bruce,

"...The most important thing we can do right now is deter any country from trying this sort of thing in the future...".

No, that's not going to happen. You have written about how abysmal US cybersecurity is, as well as what can be done about it. But all we can do is keep putting it out there, hoping someone will listen.

Despite @Ross suggestion (which is a good one), it won't happen. Russia and China have common interests, and they are antithetical to those of the US.

I'm not convinced that the 'DNC leak' caused Hil'ry to lose the election; the last nail in the coffin. That blame needs to be put in* perspective. I believe the DNC 'strategists' are totally responsible. Public commentary is readily available.

Let's face it, we have a broken system, and ordinary folks are sick of it. We have seen what's on the end of the fork, and it's not pretty.

I see Obamas (his handlers) demonization of Russia as a way of 1. Poisoning the well for Trump to deal with, and 2. A parting shot against the official US Bogeyman. Any reaction by Trump against Russia would suit the neo-liberals just fine.

I'm really tired of all this. Can't you find some sources besides the NYT?

"...The answer is both complicated and inherently tied up in political considerations...".

No, the answer is the truth, the facts. 'Political considerations' are 'he said/she said' bullshit. It's a pissing contest between people who are old enough to know better.

If we can't find attribution, perhaps we should forget about it, and let the players duke it out in secret. Nothing's worse than politicizing anything, especially technology.

There's really nothing we can do about it, except worry, that old rockin' chair that takes your energy and gets you nowhere.

. .. . .. --- ....

vas pupJanuary 9, 2017 2:54 PM

@Matthias • January 9, 2017 7:23 AM
"It is a question of trust or mistrust. In my country we have a saying “once lied we never trust you again”. And that is the main point in the discussion. Most of us would love to trust the government but the past has proven that politicians and secret agencies can’t be trusted. And that is regardless of the country. Trust need to be deserved. And spoiled trust can hardly regained with unprovable information."
I'd say that trust has spectrum feature: between no trust at all and some level of trust. I agree that absolute trust to subjects you stated in your post in any country is diagnostically good for absolute stupidity. But level of trust is substantially different in countries. What is base line is subject for research, but in dictatorship there is fear only - no trust at all.

@Jason • January 9, 2017 8:15 AM
What is exceptional? I guess to be first in the world for something like health care, education, personal freedom and security, low crime and incarceration rate, but it all depends on criteria you selected to be exceptional (size of the land, population, GDP, # on nuclear warheads in possession, number of billionaires, etc.). We need to agree on criteria first.

Obama is lyingJanuary 9, 2017 2:56 PM

Glenn Greenwald has cogently explained why we should never blindly believe what US intelligence agencies say, more here http://www.realclearpolitics.com/video/2017/01/09/greenwald_to_stelter_dont_just_blindly_and_uncritically_accept_the_claims_of_intelligence_community.html .

In light of that, I find this comment particularly pertinent,

"Attribution is easier if you are monitoring broad swaths of the Internet. This gives the National Security Agency a singular advantage in the attribution game. The problem, of course, is that the NSA doesn't want to publish what it knows."

On the declassified report, it is explicitly said the NSA is the only agency who wasn't on board with the "high confidence" assessment. That tells you all you need to know.

Obama is a sore loser. Hillary Clinton is a sore loser. The Democrats are sore losers.

The political analysts describing this as Obama's revenge on the birther controversy are probably right. It goes to show the petty infantile leader we have had during the last 8 years.

As far as I am concerned, January 20th cannot come soon enough.

Ross SniderJanuary 9, 2017 3:00 PM

@MarkH

The United States has been smashing treaties to dust recently (like START, the primary Nuclear Arms treaty). The Obama Administration had to renegotiate a treaty that the Bush Administration ruined. And THEN, it refused to include forward deployment of missiles in the new treaty!

Anyway, it's funny how people are so burned by the US's flippant disregard for treaty obligations and lack of faith in the new president and the US foreign policy establishment that they don't believe that a treaty is even a good start to creating a peace. Instead they advocate for a cyber arms race!

And then, anyone who disagrees with that assessment get's called a satanist or a Russian shill. This is done because the argument itself isn't very convincing - it must be backed by appeals to fear and character assassination.

Put down the pitchfork and analyze the security situation. Don't think with your emotions, and about how burned you are by the United States burning treaty obligations left and right.

A cyber treaty (and series thereof) is a primary limiting force on the rules of engagement in the cyber domain. The only other limiting forces are deterrents, which we learned during the Cold War is indistinguishable from an arms race, international norms (which have failed to manifest), and technical barriers (for which there are few).

Thinking in terms of military response will get zero-sum results. It makes sense if you assess your capabilities as 'better' or if you are on an aggressive military front in cyber space (like the United States). But if the objective you are trying to reach is limited competition, you've got to create the conditions for collaboration: a structural realist commitment to setting the conditions, punishments, deterrences, capabilities, boundaries and communication channels on paper.

Indeed, if you think that treaties are 'meant to be broken' you ought not be supportive of the China-US cyber treaty, the New START US nuclear treaty or indeed any US treaty at all. What an insane world that would be to live in.

Yes. Absolutely. We need a Cyber Treaty.

But you're right. If the US is so committed to war that it can't keep its treaty commitments any project for peace is bound to fail from the start.

hoodathunkitJanuary 9, 2017 3:00 PM

It's entirely possible the Rooskies hacked the DNC but the "constellation of evidence" points first and foremost to an insider; to a Bernie Sanders sympathizer or supporter at the DNC.

A remote hack would tend to have all emails, internal documents, databases, etc. The release was limited to emails from seven DNC officials' accounts. In late July, three days before the Democratic convention DNC emails from Jan 2015 thru May 2016 were released; the nominee campaign period. The content shows Party officials undercutting Sanders while supporting Clinton; unethical and dishonest but legal.

It is totally inexplicable a Russian state actor would have a British national fly to America in order to physically hand over hacked material in a DC park; needlessly adding a witness, creating an evidence trail, and taking the chance of surveillance video. Conversely an idealistic insider taking archives would want personal assurance of equally idealistic Murray and Assange.

Like the Iraq 'yellowcake' story from the same CIA, their story sucks.

AnuraJanuary 9, 2017 3:17 PM

@Pete

It matters because it is not in any way shape or form about informing the public; exactly the opposite - it's a one-sided release of out of cherry picked emails, designed to manipulate people who won't take a step back and look at the big picture, or question the context of the emails. It's a security hole in our society, that was used to exploit the population.

Now, I don't particularly think it matters that much if it was the Russians or whoever, because the result is the same: an actor manipulated the public to change the outcome of the election. Now, it wasn't just this. It was all the fake news (which the right has been trying to distract from by calling everything fake news - again, classic diversionary tactics), the bullshit investigations by Republicans in Congress, and mainstream media reporting the speculation and opinions instead of the facts (as they always do), and Comey's release of non-information right before the election.

But my biggest problem is that it came on the wave of a massive disinformation campaign by the Republicans (the whole purpose of the Benghazi and email investigations was disinformation), right-wing media in general, and the refusal of the mainstream media to call them out because they have to be bipartisan. Without all the other crap, the leaks would have been inconsequential.

The result is that after several decades, Republicans have been able to slowly create a bubble to the point where they can pretty much control the entire flow of information to their base. The result is that Republicans can now say and do anything as long as they can make up an excuse. So what have they used that power for? To attack abortion, gay rights, voting rights, minimum wage, welfare, the poor in general; they repealed Obamacare over and over again for the past six years, and now they actually have the power to they show that they haven't even put together a plan for it! But what have we heard about? How the Democrats are trying to distract from the economy. It doesn't matter if it is even something that makes sense from the surface; right-wing media decreed it, so it was believed and spread without question by the base.

This is how democracy is exploited: by going after the people; intentionally misinforming them or withholding information, or just plain preventing them from being able to vote. Yet, time and time again the voters fall for it. And yes, I know the response, it's the same thing with the Demcorats, but it's really really not. The difference is that the voters largely drive the domestic policy of the Democratic party, and the Republican party largely drives the domestic policy of the voters (foreign policy is a whole other can of worms). All those things, like abortion, gay rights, voting rights, minimum wage, welfare, etc. are in response to the stuff the public wants (even a majority of Republicans support tax increases on the wealthy and at least some minimum wage increase, but it's unthinkable to the party itself). Even if you look at Obamacare, the only things not popular on the mandates, but the Republican party is against every aspect of it, so the objective is to replace it completely.

Obama is lyingJanuary 9, 2017 3:37 PM

This is the relevant part of the declassified report,

"We also assess Putin and the Russian Government aspired to help President-elect Trump’s election chances when possible by discrediting Secretary Clinton and publicly contrasting her unfavorably to him.
All three agencies agree with this judgment. CIA and FBI have high confidence in this judgment;NSA has moderate confidence."

So people, don't fall for Obama's infantile tendencies! That the NSA is not willing to give a "high confidence" to this assessment given what we know about the NSA tracking capabilities speaks volumes.

Ryan Cooper at The WeekJanuary 9, 2017 3:42 PM

https://theweek.com/articles/671483/cia-not-trusted

One of the more darkly amusing things to watch in modern politics is the rapid see-sawing of public opinion around questions of partisan advantage. Thus as Vladimir Putin was perceived to be a friend to American conservatives, his favorability rating among Republicans improved by some 56 points nearly overnight.

But another even more ludicrous example is the skyrocketing trust in the Central Intelligence Agency among liberals, as that agency has gotten into a political tussle with President-elect Donald Trump. In this case, reverse-engineering political ideology around partisan advantage is actively dangerous. The CIA — and the security apparatus in general — is not to be trusted.

This development comes due to the CIA's apparent conclusion — via the usual method of "anonymous leaks to journalists" — that Putin's hacking efforts were directed at helping Trump get elected. Unsurprisingly, Trump rejected this conclusion, and his transition team is said to be mulling a major reorganization of the intelligence bureaucracy (though they have since denied it). Former CIA director James Woolsey has quit the transition team.

Partisan mechanisms kicked obligingly into gear, and approval of the CIA among Democrats has improved by 36 points — putting favorability higher among Democrats than Republicans for the first time since the poll has been conducted.

So what's the problem here? Let's review some history.

The CIA's brutal incompetence goes back virtually to the very moment of its founding. They spent most of the Cold War doing stuff like air-dropping thousands of people into China and Russia to get murdered, overthrowing foreign governments, spying on domestic dissidents, feeding random people LSD, screwing around with "psychic" charlatans, and so on.

Recent history is no exception. Most notoriously, on orders from the very top levels of the Bush administration, the CIA started and operated an illegal torture program which killed at least one person, and probably many more, in its custody. It provided no good intelligence and seriously damaged the agency's operational effectiveness. Then when the Senate Select Committee on Intelligence attempted to conduct a mere investigation of that program, the CIA spied on the staffers conducting the investigation and reported them to the Department of Justice, in what Sen. Dianne Feinstein called "a potential effort to intimidate this staff."

In many ways the incompetence of the CIA is a real shame, and not just due to its long history of atrocities. The American presidency badly needs quality information, and far too often nobody in the various intelligence agencies has been able to provide it. The CIA is particularly hamstrung in this respect, as quality intelligence work often plays second fiddle to the sexier task of overseas operations (or running the drone assassin fleet).

Why those two tasks were combined under one roof is anybody's guess. Indeed, a total overhaul of the spaghetti tangle of security agencies is desperately needed — it would be a great idea, if it weren't being done by Trump.

But overall, it is unquestionable that the CIA (and the rest of the security apparatus) is a lawless force of illiberal despotism. Perhaps the greatest moral stain on President Obama's legacy is how he backed the CIA to the hilt in is fight with the Senate, and publicly made garbage excuses for its lawbreaking and torture.

There isn't much else that can be done about Trump's fight with the CIA in either direction, of course. Democrats are all but powerless at every level of government. But it's still critical to remember that there is no way that the agency could "beat" Trump that would not lead to a far worse outcome.

On the one hand, the CIA might blackmail Trump into submitting to its demands. On the other, it might be co-opted to be used against his political enemies. Neither option is good for liberalism that isn't mere Obama-worship.

SkepticalJanuary 9, 2017 4:23 PM

Strikingly, the President-Elect and his staff, who for most of last week continued to express their doubts that Russia was responsible, are now, post-briefing, persuaded Russia was responsible.

That some here continue to act as though there is a grand conspiracy to frame innocent Russian intelligence agencies is immensely amusing. Perhaps the future Guccifer 3.0 can assume the moniker of "Teddy Bear", to reduce some of the cognitive dissonance that must be afflicting these poor souls.

The US is an open society. Public scandals receive public coverage - immense public coverage - and keeping anything secret is difficult. Now either this is one of the grandest, most remarkable, conspiracies in the history of the US Government - to falsely accuse Russia of interference in a US election without persuasive evidence - and somehow, amazingly, no one has leaked the existence of such a criminal action, even though doing so would doubtless win them the deep gratitude of the President-Elect and instant celebrity status -- or the US Intelligence Community, the independent companies who assessed the technical evidence available to them, and others, are simply telling the truth about their assessment.

Some within Russian circles view democratic ideology as dangerous. That is, they believe its continued credence and strength poses a threat to their power. They view the "color revolutions" as a series of US influence operations; they view NGOs as arms of Western governments.

In their world, authenticity of belief in democracy is irrelevant; everything is viewed through the prism of power. Does this organization strengthen me, or weaken me? Does this belief strengthen me, or weaken me?

Weakening ideologies and organizations must be countered. A Russian missile that downed a Dutch commercial passenger plane? Not at all. Look, we have videos showing you why; here are experts telling you otherwise; there were never even Russian soldiers in Ukraine, as we have explained many times already. Now, let us turn to a story about US funding of ISIS...

Unfortunately, Russia has elected to go a step further - actively stealing information and then selectively broadcasting it.

This is offensive in two ways. First, it degrades the operational effectiveness of any political campaign or political organization by sowing confusion, disorder, internal animosity, and by discouraging open internal communications. Second, it escalates from the mere broadcast of information to the active intrusion into private systems and correspondence for the purpose of harming the targets of such intrusions.

It is far more personal, and coercive, than anything done previously.

But - alas, dear Russia - the United States is an open society. Public scandal is nothing new; indeed the Americans EXPECT their press to uncover scandal as a means of keeping those with power in check.

But in a closed society - fissures between oligarchs can mean the loss of fortune, exile, perhaps even death. It can mean a critical loss of respect and authority - and assets. It can focus popular discontent despite all efforts to distract the populace with fears of the evil West. For in a closed society certain information can flash like unexpected lightning on a clear summer night, and the crack of thunder that follows can shake the earth beneath one's feet.

In a closed society, information truly is dangerous.

And so for a closed society to take such an offensive approach, to invite - indeed to legitimize - its adversary in responding precisely in kind, is a strategic blunder.

My real concern here is the theme of Russian tactical engagements that fail to form a coherent, successful strategy. The result is a series of half-achieved strategic objectives, greater disorder, and a weakened Russian Government. Headlines are not the measure of power.

Russia may believe that it is bringing about a new status quo, or preventing a disadvantageous one from taking hold. But in fact the disorder it is spreading among major powers is not in the interests of anyone: not China, not the US, and not Russia.

The most dangerous enemy in the world right now is a United States in which both the Jacksonian school of foreign policy (America should mind its own business, but if anyone pushes the US, then the US should hit hard) and the Wilsonian school (America should build and contribute to a framework for a just and lasting global order) are united in common cause for action.

The mercurial tweets of the President-Elect notwithstanding, congratulations President Putin: mission accomplished.

PerryDJanuary 9, 2017 4:35 PM

All this pearl-clutching about a foreign state interfering with our sacred election process is making me crazy. If said foreign state was really interested in a regime change in the USA, it would have done it the American way...murder the leader (elected or not) and install a puppet. God knows we've done it enough that it's a tutorial for everyone else.

Joe StalinJanuary 9, 2017 5:28 PM

So we have a choice:

Are we to believe

--the Prez that extra-judiciously assassinated at least 2 US citizens and thousands of others, mostly innocents with drones. And hides the legal justification of his kill lists.

--The "17" intel agencies that could not find 5K long truck convoys of oil trade $$ going from ISIS(Iraq,Syria) to Turkey. But magically found them when the Ruski planes stopped them.

--The Prez that is illegally bombing many countries and has troops fighting in 10s of Africa,Asia,Middle East countries illegally.

--The 17 "intel" agencies and military that arm and fund ISIS/AQ and can't find the oil sheiks that help them do that.

--The same intel groups that got us into Korea,Vietnam,Afghanistan,Iraq with the associated assassination programs of 100s of thousands and deaths of millions and coups and manipulated elections of dozens of countries as well as CoIntelPro and CIA domestic operations and a long record of domestic/foreign media penetration.

Or do we believe Wikileaks and a UK ambassador that has no record of lies and murder. Hmm.
It's not that hard a choice unless you are paid to make it a certain way.

Sancho_PJanuary 9, 2017 5:52 PM


@Clive Robinson, re:

”But no amount of evidence can convince the unconvinceable.” (@Bruce, btw:
Are you polemic or mathematician?)

- No, I don’t think it’s his rationale, so arguiments won’t help.

I do hope it’s a temporary form of “democratic blindness” (TM), otherwise it would be a slap in the face of every serious technician / scientist.

rJanuary 9, 2017 6:25 PM

Except, in my country - every two years or so we have new blood coming in from the public.

Ask yourself, which infrastructure is more or less open?

I'm 100% with the guys who have concerns over the 50/50 slant of the releases. I have other ideas too like who gave the guns to the idiots in France?

http://time.com/how-europes-terrorists-get-their-guns/

I don't need time to tell me who's giving out freebees to terrorists, you shouldn't either.

They're opportunitists, business men mind you in the shadow of the worst form of capitalism.

If you all can't see the big picture because you're busy waiting for the other shoe to drop you're going to lose hard.

rJanuary 9, 2017 6:28 PM

That is, unless you're one of the legendary gnome's that make shoes. Then it's win win for hijinks.

ModeratorJanuary 9, 2017 6:56 PM

@all, @Gong Ho's hyperinflammatory post has been removed; please disregard it, and avoid engaging noncontributory, drive-by ranters.

ModeratorJanuary 9, 2017 7:03 PM

@r, please do not make any further attempts to engage 4/5 aka Violet; in other words, don't troll the troll.

rJanuary 9, 2017 7:19 PM

@mod, CC: all,

You do realize how long she's been ranting @Skeptical right?

It goes back at least 2 years from what I can tell.

There are many layers to this yellow cake. ;-)

But @All talking about "hurray CIA!" I hear you.

John SmithJanuary 9, 2017 7:23 PM

"But no amount of evidence can convince the unconvinceable."

Governments regularly lie. Intelligence agencies regularly lie. Politicians regularly lie. And the mainsteam media are their stenographers.

So when known liars tell me "we're telling the truth this time, ignore all those other times we lied to you, you can trust us on this", I demand a high standard of evidence.

Show me the hard evidence - the equivalent of the Cuban Missile Crisis photos - or STFU.

rJanuary 9, 2017 8:13 PM

@Sidney,

Ah, but you're forgetting something.

Some liars, are motivated - others just lie.

It's possible to see through the walls of defense you just have to be careful.

Slime Mold with MustardJanuary 9, 2017 8:17 PM

I read the declassified report, and was more than disappointed. It offers no more evidence at all. Rather it describes Russian "influence operations" in broad outlines, and that not always accurately.

"The Russian leadership invests significant resources in both foreign and domestic propaganda and places a premium on transmitting what it views as consistent , self-reinforcing narratives regarding its desires and redlines...." This is quite at odds with what I've read from other sources, which attribute anything but consistency to Russian themes. Indeed, the idea is to "destroy and ridicule the idea of truth".

"When it appeared to Moscow that Secretary Clinton was likely to win the election, the Russian influence campaign began to focus more on undermining her future presidency." This report is so vague that it could be interpreted as 'focusing on undermining a future presidency' (and Twitter seems more effective).

Six pages of the 25 (Almost a third of the text) are devoted to RT (formerly Russia Today).
"Since its inception in 2005, RT videos received more than 800 million views on YouTube (1 million views per day), which is the highest among news outlets"

Yet the report fails to mention any real metric of RT's actual impact. From Wikipedia :
"However, The Daily Beast has revealed that RT hugely exaggerates its global viewership and that its most-watched segments are on metrosexuals, bums, and earthquakes. Between 2013 and 2015, more than 80% of RT's viewership was for videos of accidents, crime, disasters, and natural phenomena, such as the 2013 Chelyabinsk meteor event, with less than 1% of viewership for political videos".

I really don't doubt that Russia tried to influence the election. If this is what the IC can or will publish, they should save what reputations they have and just shut up.


Clive RobinsonJanuary 9, 2017 8:17 PM

@ de La Boetie,

When you linked to,

You gave the impression it is only a UK-Israel issue.

You should have included the Israeli Diplomatic advice to those running such anti-host-government propaganda organisations,

    “Operating like this could encounter opposition from the organisations themselves, given their legal status: Britain isn’t the US!”

Which after the Republicans were caught with their pants down talking to the Israeli end of these Israeli propaganda units in the US... Should tell US Citizens how they are being manipulated by Israeli Intel organisations, rather worse and for far longer than the Russians have been accused of.

(I have mentioned Israeli behaviour in the past when talking about US Political China APT and the more recent Russian Inside campaigns, but people fail to grok it even when it has been tried --less than successfully-- on this site).

Clive RobinsonJanuary 9, 2017 8:39 PM

@ Sancho_P,

I do hope it’s a temporary form of “democratic blindness” (TM), otherwise it would be a slap in the face of every serious technician / scientist.

Look up the stages of grieving, and change it to "The Democratic Grieving Process"...

It appears to have gripped quiye a few in the US who are starting to move from the "disbelief" stage into the "denial" stage.

But it's not just that, there is also a form of "Buyers Remorse" setting in amongst those who "were trying to send a message" to the DNC that they were doing things wrong.

The real question that people should be asking is "Can the GOP reign in Trump" to do their bidding. They have enough control over the next couple of years over both houses to do it but it could easily turn into first brinkmanship then a blood bath. As I've said before Trump is not realy a Republican and people realy need to take that onboard...

Any way enough on US politics, it's just a mess and to most people outside the US there is little or no difference between the two main parties, other than the Democrats appear most times to be the tail of the dog not the head. I heard a phrase the other day "In the US all men are born equal, then the Republicans indoctrinate the babies and those who are not nibble enough to abscond to the Democrats"... It might not be totaly true but there is a germ of truth in there.

P6 “rely” => “relay”January 10, 2017 1:51 AM

Two Romes have fallen, the third stands firm - a fourth there will not be

TRUMP: What I'm saying is NATO is obsolete. NATO is -- is obsolete and it's extremely expensive for the United States, disproportionately so. And we should readjust NATO.

Anastasia Baburova, Anna Politkovskaya, Karina Moskalenko, Alexander Litvinenko, Karina Moskalenko, Stanislav Markelov, Akhmednabi Akhmednabiyev, Mikhail Beketov, Gadzhimurad Kamalov, Natalya Estemirova, Magomed Yevloyev, Ivan Safronov, Maksim Maksimov, Vagif Kochetkov, Novoye Delo, Paul Klebnikov, Yuri Shchekochikhin

tyrJanuary 10, 2017 1:52 AM


@Clive

If some random drunk in a bar is the best Mossad
can field to undermine Brit MPs we are living in
PTerry land indeed... : & )

Maybe it's fake news, I hear there's a lot going
around these days.

GreenSquirrelJanuary 10, 2017 2:03 AM

@Ron Helwig et al:

What I really want to know is did the Russians (or whoever did this) do anything other than expose the bad things that the democrats did.

As others have said, "exposing the bad things" one party does, but not others, during an election campaign is pretty much the definition of influencing the election.

Trump and his campaign took advantage of the emails to rubbish and diminish the Democrats in the eyes of the nation so it appears he believed the information was in his favour.

For me, that is a strong indicator that the release of the emails influenced the election - I dont have an opinion on "was it enough to tip the balance one way or another?" though.

GreenSquirrelJanuary 10, 2017 2:08 AM

@Dan H

Podesta used "password" as his password.

Where did this rumour come from? It isnt true (you cant use this as a gmail password) and it masks what was a pretty convincing spear phishing exercise to compromise his account.

If he had used an easily brute-force-able phrase, why would any attacker (Russians or Skiddies) bother so much on the phish?

If anyone is interested, there is a good break down of the phishing attack on Podesta here: https://twitter.com/pwnallthethings/status/816622915860963328 (and it is in the Wikileaks dump here: https://wikileaks.org/podesta-emails/emailid/36355)

65535January 10, 2017 2:12 AM

@ Slime Mold with Mustard

“I read the declassified report, and was more than disappointed. It offers no more evidence at all. Rather it describes Russian "influence operations" in broad outlines, and that not always accurately… Six pages of the 25 (Almost a third of the text) are devoted to RT (formerly Russia Today)… If this is what the IC can or will publish, they should save what reputations they have and just shut up.”- Slime Mold with Mustard

Actual Declassified report:
https://assets.documentcloud.org/documents/3254237/Russia-Hack-Report.pdf

I concur with your assessment. The “Declassified Report” harps on Russia Today as a propaganda arm of the Russian government while providing no technical proof that the “Russians” did any hacking of voting machines – just physiological news outlets echoing the on going news about the DNC's in-fighting and misadventures.

Worse, this whole “Intelligence community Report” seems to only start after the election happened.

If the intelligence community was on the ball they would have reported this openly to World as the election took place to blunt any true slanting of the election [The DNC emails were exposed well before the election]. The US IC was a day late and dollar short so to speak.

The timing of this report reflects poorly on the Intelligence Community as a whole. It also brings into context the political motivations of the USA IC community – or certain load-mouth parts of it.

I have lost a lot of faith in the USA’s IC apparatus. I can see why others have lost faith in the US IC machine.

GreenSquirrelJanuary 10, 2017 2:13 AM

@Billy

You might want to check facts yourself before accusing other people of pushing false information. The Wikileaks document clearly shows that Podesta's password was spelled "p@ssw0rd" which is a legitimate password on Gmail. The link to the document is here: https://wikileaks.org/podesta-emails/emailid/22335

You might want to double check that email you've linked to.

As you can see from reading it, that is the password for what appears to be an unrelated Windows 8 device being issued to him with a "default" password set up.

That isnt the password for his Gmail account, it isnt a password for any known externally facing service and it may not even have survived as the password for his Windows 8 device once he had it.

GreenSquirrelJanuary 10, 2017 2:31 AM

All,

There is a lot of probably justified doubt about the US Intelligence Communities ability to provide trustworthy intelligence. This appears to be driven by what is seen as deceitful reporting in the run up to previous military operations. As a result, people are claiming that the current attribution of the DNC hack to Russia is untrustworthy.

I have two issues with this:

1) The historical lies were largely the result of political / media spin on fairly bland intelligence reporting. The IC gave the right information but the public (or at least the press representing the public) didnt bother to check this, instead they listened to the well spun headlines and got burned. This does not, on the whole, invalidate the IC reporting capabilities.

2) a huge amount of attribution in this case comes from the private sector and non-US companies. This has produced a wealth of information which connects the attacks to APT28 / APT29 who were comfortably (and without challenge) identified as Russian actors as far back as 2014. It should also be highlighted that no security company has come up with an alternative theory, even though there would be massive publicity and lucrative contracts for a credible assessment of it not being Russians.

So, as a public, we are faced with a decision:

Do we accept that multiple security companies, with multiple sources of information have collated the attack data across multiple targets and agreed (even between competing companies) that the source of the attack is a group identified in 2014 (and probably active since as least 2010) acting on behalf of the Russians.

Or, do we ignore all that and shout It wasnt the Russians, I dont care what you say until it goes away?

Genuinely, if you believe commentators with no access to the data or infosec background over Fireeye, Kaspersky etc., then there are bigger problems at play.

As a last point, if you want to know more about how the attack was attributed then it is worth watching this webcast by Robert Lee: https://www.sans.org/webcasts/analyzing-dhs-fbis-grizzly-steppe-report-103312

He is very critical of the report but explains why that isnt as important as lots of people think.

GreenSquirrelJanuary 10, 2017 2:35 AM

@65535

I concur with your assessment. The “Declassified Report” harps on Russia Today as a propaganda arm of the Russian government while providing no technical proof that the “Russians” did any hacking of voting machines

Who said anyone hacked a voting machine?

GreenSquirrelJanuary 10, 2017 2:47 AM

@tyr

If some random drunk in a bar is the best Mossad can field

Why would he be the best? Surely the best would be used against harder targets in more hostile environments.

Every course, even Mossad, has a people who only just pass and get sent on starter assignments which can then be fucked up.

Assuming any mistake, misstep or unguarded moment means Not Mossad is a bit of a mistake, don't you think?

Maybe it's fake news, I hear there's a lot going around these days.

Always possible, but there is video and the Israeli government have largely accepted it. If this was fake news, wouldnt they be the first to say that rather than "sorry our guy was a dick" comments?

WinterJanuary 10, 2017 3:58 AM

I have said so before, the DNC hack is evidence of a catastrophic failure of the US Intelligence strategy of putting (NOBUS) Offensive capabilities before defensive capabilities, I quote our host:

NSA's TAO Head on Internet Offense and Defense
https://www.schneier.com/blog/archives/2016/02/nsas_tao_on_int.html


The talk is full of good information about how APT attacks work and how networks can defend themselves. Nothing really surprising, but all interesting. Which brings up the most important question: why did the NSA decide to put Joyce on stage in public? It surely doesn't want all of its target networks to improve their security so much that the NSA can no longer get in. On the other hand, the NSA does want the general security of US -- and presumably allied -- networks to improve. My guess is that this is simply a NOBUS issue. The NSA is, or at least believes it is, so sophisticated in its attack techniques that these defensive recommendations won't slow it down significantly. And the Chinese/Russian/etc state-sponsored attackers will have a harder time. Or, at least, that's what the NSA wants us to believe.

For all their pretentious NOBUS wizardry, the TLA's have given the US presidency to a Russian candidate.

This is a failure in the category of the Maginot line. Putting ALL your eggs in defense is just as bad as putting them all in offense.

rJanuary 10, 2017 4:28 AM

@Clive,

I think the only thing not true about that statement lies in the omission, I think it's an accurate assessment vs economic policy vs civil programs. At least in my eyes anyways, it's sharp if not true that's for sure.

de La BoetieJanuary 10, 2017 5:31 AM

@Clive, you're spot on that Israel - how can I put this - seeks to influence many countries' politics including the US, clearly not only the UK (though apparently they regard the UK as the centre of the BDS movement).

That is also symptomatic of the fact that one now has to be very circumspect in being critical of the illegal policies of Israel (the state) in line with the UN resolution, lest one be accused of antisemitism.

So it gets like Monte Python - who has interfered in American politics - apart from nominally the Ruskis and Israelis and Chinese and.....

The other gaping hole is that clearly, with a shedful of money and power ANYONE can influence American politics - that's democracy for you!

Dirk PraetJanuary 10, 2017 5:44 AM

@ GreenSquirrel

The historical lies were largely the result of political / media spin on fairly bland intelligence reporting.

Nobody is questioning the formidable capabilities of the US IC. What does seem to be happening time and time and again is their findings being distorted not by media and politicians, but by their own leadership and on behalf of the executive that holds the money purse. Examples a plenty. When I'm considering implementing some new product or technology, I also demand to talk to the engineering team because I don't believe a single word of what the marketeer or salesrep is telling me.

a huge amount of attribution in this case comes from the private sector and non-US companies

Many of which have produced solid working theories, but none of which at this time meet the evidentiary standard required for a conviction in a court of law.

@ tyr

Someone seems to think Carter (POTUS) was a hippy.

I didn't say Carter was a hippy. I said he actually believed in "hippy" stuff like peace, democracy and human rights. He still does, by the way.

@ Slime Mold with Mustard

I really don't doubt that Russia tried to influence the election.

Neither do I. Trump's position on NATO and US involvement in the Middle East must have sounded like music to their ears. But in how far the DNC revelations were the final nail in Shillary's coffin is questionable to say the least. In hindsight, I'm pretty sure she would have lost even without those, regardless of who was behind it. It is of course way easier to "shout at the devil" than to carefully examine why she failed to appeal, and which in my opinion points to a much more fundamental problem in US society than either Democrats or Republicans are willing to admit. Let's not forget that Trump wasn't exactly the candidate the Republican establishment had in mind either.

For all real or alleged Russian shenanigans, the simple fact of the matter is that a decisive part of the American population has lost faith in the political system of a republic that has turned into a plutocracy favouring the rich and powerful only, the political and financial elites of which for all practical purposes are perceived to be above the law and to have dragged the country into endless wars benefiting no one but the MIC. All while the ordinary man in the street has been left behind. And there is exactly nothing vilifying Putin or even wiping Russia off the face of the planet is going to change about that.

GreenSquirrelJanuary 10, 2017 6:20 AM

@Dirk Praet

Many of which have produced solid working theories, but none of which at this time meet the evidentiary standard required for a conviction in a court of law.

I agree with you 100% here.

However, I don't think the goal is (or even should be) to get admissible evidence and demonstrate beyond all reasonable doubt. Working on IR for most commercial enterprises that isn't a requirement there either.

Given the interaction between covert sources, human intelligence and technical assessments, this standard of proof is likely to be setting an unachievable goal. People who say they will only believe it was the Russians if they get this level of evidence are fooling themselves.

I agree that the waters are also muddied by commercial orgs who rush out a "nation state attacker" every time they get DDoS or SQLi'd but this really isn't the same. It is a consensus view point from multiple incident response specialists based on years of data.

It isn't in a court. It doesn't have to prove mens rea and a guilty actor to suffer the punishment or any of the other tests that exist in other areas.

I do find it funny (entertaining and weird) that an awful lot of Americans, and a LOT of republicans, don't seem to care that on balance of probabilities, the Russians attacked a US political party and disseminated information which influenced the election.

Clive RobinsonJanuary 10, 2017 7:29 AM

@ Greensquirrel, Dirk Praet,

However, I don't think the goal is (or even should be) to get admissible evidence and demonstrate beyond all reasonable doubt.

Unfortunately, admissible is required to atleast "balance of probability".

The reason is it's a "Turkey Shoot" out there, many nations are at it. Even Obama tried to manipulate the UK EU referendum in a way favourable to the US just a very very short time before Obama started getting hot under the collar about Russia.

Everything said about RT in the report can be said about the US MSM like CNN and the evil empire of Rupert "the bear faced lier" Murdoch and the UK Referendum. So it's realy a hypocritical position for Obama to take.

But the more covert side is where the supposed evidence falls flat on it's face. Way to many people were not just aware of the alleged Russian APT groups. They had the MO and Tools well pined down long before hand. Thus there are a great many people that could "Make like a cosybear" before the name was even coined.

As I've repeatedly said reliable attribution at the network level is just not possible. False Flag operations are effectively easy enough for just a couple of people to do as and when they want. To say otherwise is a little silly.

The golden rule of diplomacy is not to go charging around like an impotent old bull in a china shop. You certainly don't go public without solid evidence, it realy is counter productive in many ways, and has long term ramifications that are without doubt extreamly unhelpfull to future negotiations.

And it is this that people are waking upto, that is they seriously belive that Obama is "queering the pitch" in a fit of childish peek. As others have noted it's unbecoming of the office. And there is a high probability that in effect Obama has paved the way for a Trump second term...

As I also pointed out before this Russia Inside nonsense started, Hillary Clinton was on a loosing wicket, a study of US political history shows that few parties get a third term. Further the bookmakers were very much against her, and unlike the polsters and MSM they have real skin in the game, so tend not to go on flights of fancy.

But she was without doubt "poisoned goods" long before that, the Republicans were carving chunks out of her past performance long before the supposed Russian signal was making it above the grass. The Republican signal was orders of magnitude greater. What killed that was Trump doing the divide and concur trick on the Republicans. He made it clear he was not going to stop taking the Republican voters away from any candidate the chose to put up against him and he would run to the bitter end just to spite the GOP. He made it clear it would have been a suicide pact if they put up a candidate other than him... Thus the GOP haf a choice Trump or Hillary, there was no other game in town. The GOP hatred for Hillary was what Trump used to swing the election his way.

The only real question is how much the Email leaks hurt her... The balance of probability has always favoured a disafected Sanders supporter insider. At the real democratic grass roots Hillary was seen as poison, she realy was not wanted. The only people who wanted her were the money men, who would have owned her and she would have done their bidding no matter how many more US citizens it would kill.

MarkHJanuary 10, 2017 7:40 AM

It's comical (in a depressing way) to read here that the case presented to the public wouldn't hold up in a criminal court.

First, throughout those lands that are lucky enough to have more or less functioning courts, the criminal court standard is applicable to criminal prosecutions, and absolutely nothing else.

It simply don't apply to espionage counteraction or relations between states.

Second, those who don't study the actual functioning of criminal courts in western countries would be shocked at the kinds of cases that frequently result in convictions.

Third, the classified case just _might_ be stronger than the public report.

Q: Where is the best place to look for a country, which requires absolutely incontrovertible proof before taking action to defend its security?

A: In history books, because such a country is doomed to prompt and utter destruction.

Dirk PraetJanuary 10, 2017 7:50 AM

@ GreenSquirrel

Given the interaction between covert sources, human intelligence and technical assessments, this standard of proof is likely to be setting an unachievable goal.

On which I 100% agree with you. I equally agree that full public disclosure for several reasons may not (always) be possible. But it doesn't change the fact that extraordinary accusations require extraordinary proof. Anything else is a slippery slope of politically motivated WMD accusations that lead to illegal wars and the plunging in darkness of entire regions on the planet.

The rather trivial answer here is that the required burden of proof and accompanying protocols for "cyber incidents" be unequivocally established either in an international covenant or in bilateral treaties between nations. Which there is understandably little enthusiasm for with any party currently indulging in such activities.

I do find it funny (entertaining and weird) that an awful lot of Americans, and a LOT of republicans, don't seem to care that on balance of probabilities, the Russians attacked a US political party and disseminated information which influenced the election.

I don't. It just goes to show that a lot of Americans have a much bigger issue with the current state of their political system than with alleged Russian meddling in it. Not to mention that they know too that their own administrations and IC aren't particularly shy of doing the exact same thing.

@ Clive

The balance of probability has always favoured a disafected Sanders supporter insider.

Which to date remains what my gut feeling is telling me too, even without precluding that indeed the Russians or other parties had previously breached DNC systems. From an espionage vantage, even my friend @Skeptical would probably agree that they were a perfectly valid target for any foreign IC.

mbJanuary 10, 2017 8:41 AM

While I do not consider myself unconvinceable, I also do not consider myself a sucker. When a known perjurer testifies to congress, that it was Russia, I will be far from convinced. When an organization, like the NSA, repeatedly is shown not to have been forth right about their interpretation of the law, I will be skeptical. They may be telling the truth, they could just as easily be lying. That is the problem, the government agencies telling these stories have 0 credibility. Do not blame the skeptics.

GreenSquirrelJanuary 10, 2017 9:17 AM

@Clive

The reason is it's a "Turkey Shoot" out there, many nations are at it. Even Obama tried to manipulate the UK EU referendum in a way favourable to the US just a very very short time before Obama started getting hot under the collar about Russia.

This is true but it is a different method of manipulation and, at least I'd like to think, that most observers would see a difference between the President of the US saying he thought the EU referendum vote should go a certain way and a suspected state sponsored cyber team breaking into IT systems and leaking the data found to provide political capital for one side or another.

If the NSA had hacked into Farage / UKIPs email and leaked the contents to discredit their Leave position, I would be equally outraged.

But the more covert side is where the supposed evidence falls flat on it's face. Way to many people were not just aware of the alleged Russian APT groups. They had the MO and Tools well pined down long before hand. Thus there are a great many people that could "Make like a cosybear" before the name was even coined.

It isnt as simple as that.

The technical links to APT28 are fairly robust, so the only argument really is do you think APT28 is sponsored by the Russian government? This group's activity has been monitored by Crowdstrike / Fireeye / Kaspersky etc since 2010 and reported on since 2014.

The forensic investigation of this hack has been carried out by countless private sector employees with different national and political affiliations. The confidence with which they call "APT28" is too high to dismiss easily.

Other than that, the only question is, is it a false flag? To go back to first principles, which group benefits from any of this? There is a clear and obvious link between Trump (and his team) and the Russians which even if there is no collusion or espionage at this level, indicates it was in Putin's interests for Trump to be elected.

What value is there in any other organisation getting trump elected and making it look like Russia? Especially any organisation able to correctly recreate the TTPs used by APT28 to enough of a level of detail that no world class DFIR team has spotted it?

GreenSquirrelJanuary 10, 2017 9:22 AM

@Dirk Praet

The rather trivial answer here is that the required burden of proof and accompanying protocols for "cyber incidents" be unequivocally established either in an international covenant or in bilateral treaties between nations.

I agree.

This would be a dream come true from a DFIR position although (and this is just more evidence that I agree with everything Robert M Lee says), I think the crucial point is not caring if people believe you but caring more around what alternative controls you can put in place.

As an example with the DNC hack - the US Government shouldn't really care what the public think, it should be happy that it can take diplomatic action against the Russians (who know they are guilty) and it should be driving a much stronger defensive security campaign based on the lessons learned from this incident.

Any effort spent convincing people it was the Russians is, largely, wasted. Some will believe it with no evidence, some wont believe it even if the Russians admit it.

GreenSquirrelJanuary 10, 2017 9:45 AM

@NM

You know there is a lot more to DIFR than simply saying "look the source code for this python script is the same", don't you?

No one doubted APT28 were Russian in 2014, why start now?

NMJanuary 10, 2017 10:11 AM

Yes, gs, it's very convincing up there on your bandwagon with everybody. Is our new friend ginabetz75 up there with you, holding a bouquet? Better hope none of the Songbird of Hanoi's Georgian wogs show up a double-hop away, knowhatimean? Makes you wonder why NSA is not quite so convinced. Or what might come out next if you go ahead an poke the bear.

NMJanuary 10, 2017 10:54 AM

Oh and uh, profexer, you know, Ярослав Володимирович, ever wonder if the Russians, who invented contact chaining long before computers, thought to do some in this case?

Nice border wars ya got there. Be a shame if something happened to them... demonstrated fabrication of a preemptive nuclear casus belli, yada yada yada. People could swing.

Dirk PraetJanuary 10, 2017 12:37 PM

@ GreenSquirrel

... the US Government shouldn't really care what the public think, it should be happy that it can take diplomatic action against the Russians (who know they are guilty)

Donald Trump, Wladimir Putin and Xi Jinping probably couldn't agree more, but to the best of my knowledge, that's not entirely the way things should be handled in what some still pretend is an open and democratic society under the rule of law.

At least in principle, a government as seen by your constitution is fully accountable for all its actions either overt or covert and thus should also be able to adequately justify those to the people they claim to represent, especially when it involves a foreign nuclear power. But one may ask himself if this is really still the case ever since the Bush administration got off scot-free both with Stellar Wind and the Iraq war.

... and it should be driving a much stronger defensive security campaign based on the lessons learned from this incident.

That, I totally concur with. Despite all the hysteria about Russian and Chinese APT's, the reality on the shopfloor unfortunately is that most breaches still occur as a result of extremely poor (IT) security, not to say utter negligence.

hmmmmJanuary 10, 2017 1:09 PM

So Bruce,

If you'd read about the Sony hack in a conservative publication, would you have trusted it so easily? The NYT and Wash Post aren't remotely unbaised, anymore than National Review is.

That's the problem - we have a single side of the political aisle making statements, and half the country doesn't believe it - no matter which side we're talking about. The only way we'll get widespread confidence is to see the data, or to have a trusted part on both sides come out and saying the same thing.

Clive RobinsonJanuary 10, 2017 2:30 PM

@ Greensquirrel,

The technical links to APT28 are fairly robust, so the only argument really is do you think APT28 is sponsored...

Stop right there you've fallen into the assumption trap...

As you know in the UK we have the saying about "how do you tell a duck from a goose"...

The problem with attribution is if you see the APT28/9 MO and tools, does it realy mean it's APT28 or APT29 or someone who knows their techniques imitating them? That is do you have "the goose", or another goose pretending to be "the goose" or even a "duck" pretending to be "the goose"?

You must not pass this point untill you can say it's "the goose" with a very very high degree of probability up in the 95th or above percentile.

It's what false flag operations are all about and none of the SigInt agencies are sufficiently omnipotent or omnipresent to give that level of confidence. We saw this major failing with the SPE attack.

To see why, lets assume you have got a "toe hold" in a router you belive is in the Kremlin. You lurk there watching what goes by. All you can see is the "adjacent nodes" in the network. You see data come in from one of those nodes and you see data go out to another of those nodes, nothing more. That is what you realy do not know is where that data came from or where it is going to beyond those adjacent nodes.

But let us now assume you by chance have a toe hold in two routers, the one in the kremlin and also one just upstream of the DNC. Let's also assume you get lucky in that who ever is sending the data they did not bother to encrypt it. All you actually know is you've seen data come into one node upstream of the DNC and leave and come into the second node in the kremlin and leave. You DONT know anything more than that you have seen the same data transit the two routers. If however the enterty who is sending the data does encrypt it you have no idea what the data is. Worse they may re-encrypt enroute. Then you have no idea if the data is even the same...

But even if you actually had a toe hold on the two computers where the traffic was sourced and sunk, you still no very little. Because you don't know who the entity is that moved the data... Because if you can get a toe-hold on those computers so can somebody else. If the computer owner can not see you on those systems then there is a high chance you could not see a third party on those systems either... We saw this with APT28/29 one was in deep playing the long game and the second came along, either they did not see each other on the DNC systems or they were not worried about it for some reason unknown... Which is problematic for the "done on the orders of Putin" argument.

But all you have is just MO and tools, not identities or intentions. Thus how do you know that the two APTs were not being impersonated by a third party? A third party may have worked on the assumption that you might have missed the deep long game, thus put out a much noiser signal so you did get to see something...

This is just the thin edge of the problem with attribution, I could go on in greater depth, but by now you and others reading along have got a taste of the problems involved and can see why you have to take great care not to fall into the "assumption trap".

Clive RobinsonJanuary 10, 2017 2:41 PM

@ Greensquirrel,

To go back to first principles, which group benefits from any of this? There is a clear and obvious link between Trump (and his team) and the Russians which even if there is no collusion or espionage at this level, indicates it was in Putin's interests for Trump to be elected.

Always be suspicious of "a clear and obvious link" when playing at this level.

Turn the question on it's head and ask "In who's interests is it that Hillary did not get ellected?"

You will then start down on a more interesting path... But beware of the obvious it will lead you astray.

mozJanuary 10, 2017 2:54 PM

In all this discussion it would be better to be clear that the attribution for stealing the data is separate from the attribution for releasing it. It's completely possible that the various emails were stolen twice, that the US security forces saw the Russian theft and missed the theft by the person who actually did the release.

It's pretty noticeable that the section about delivering data to Wikileaks is one of the weakest parts of the attribution document.

We have three levels of action listed as seen from the Russian perspective:

  1. government aligned largely independent organisations slandered Hillary - tit for tat for US NGOs trying to stop gay people getting beaten
  2. someone spied on Hillary's systems - tit for tat for the NSA spying (on everybody)
  3. someone released Hillary's personal mails and directly discredited her - not really comparable, except maybe to the anti-Putin protests

The first two fit well into normal US-Russian relations. It's only the third one which is an escalation. This, the most important one is the one where the attribution as fed to us is completely unconvincing. There doesn't even seem to be a basic attempt at parallel construction through which they could use their actual knowledge to show us correlating traces.

This is a failure in the category of the Maginot line.

@winter Brutally put, but one way or another you are right.

It looks like the NSA and their TLA buddies have either failed to defend their nation or have been tricked into discrediting themselves. My wild guess is that Trump even knows or thinks he knows who the insider is and he was waiting to see if the NSA can tell him. Every time they fail to tell they discredit themselves further with their new boss unless they clearly state that they don't know. One important message of the Boy Who Cried Wolf!, though, is that in the end, when nobody believed him, he was actually telling the truth. Too late.

Then again, maybe Trump will be assassinated or sidelined and the TLA true candidate, Pence, will rule as they planned all along.

GreenSquirrelJanuary 10, 2017 3:02 PM

@Clive

The problem with attribution is if you see the APT28/9 MO and tools, does it realy mean it's APT28 or APT29 or someone who knows their techniques imitating them? That is do you have "the goose", or another goose pretending to be "the goose" or even a "duck" pretending to be "the goose"?

This is perfectly valid but it underestimates the level of research carried out into the attacks and the supporting assessments.

Crowdstrike - for example - haven't simply said "hey, this bit of malware looks like one APT28 used in 2014."

The attack appears (based on the reporting from the big DFIR names) to have been more complex and utilised a variety of compromised systems to generate a criminal infrastructure - what the crappy DHS report calls In Neutral Space.

The teams of people looking at this, who have been looking at various APT groups for a decade or more agree that everything they are finding is pointing to APT28/29 as the primary adversary group. The malware families used in the attacks has included old families which are now in the public domain but this is not an exclusive list.

Again, going back to Robert Lee's webcast - because he does cover this in depth (arounds slides 10 - 12) - the fact is a lot more effort is expended to identify the most probable attacker than simply saying "it came from a Russian IP address" or "It is some malware we think the Russians used in the past."

Thus how do you know that the two APTs were not being impersonated by a third party?

Well, for most internet citizens, you don't. The people doing DFIR on the compromised systems, however, have better access.

The large security companies (Mandiant etc) have entire departments of technical experts studying these threat actor groups and verifying their campaigns across multiple nationalities. While there is always the probability they could be mistaken by a very highly skilled attacker who hits the holy grail of making no mistakes with their false flag exercise, this is a very low probability event.

The lower confidence support is that the US IC also says it has evidence it was a Russian operation. This could come from covert or sensitive sources meaning we will never know for sure what evidence exists.

However, in the face of this, if Kaspersky, McAfee, Palo Alto, Checkpoint, IBM etc., had any evidence it wasn't the Russians, or even enough to cast doubt on the other players, they would be waving it around from the tree tops. Think of the PR value to any security company in being able to say to Mandiant "Ha, you got an APT attribution wrong!"

A third party may have worked on the assumption that you might have missed the deep long game, thus put out a much noiser signal so you did get to see something...

Fair point. But this is true about everything and leads to a never ending path of doubting the information you have.

So, in line with this thought experiment, what 3rd party has something to gain from getting Trump elected while making it look like the Russians and also has the technical capabilities to mask their own involvement sufficiently that no security company in the world has realised they've done this?

This indicates a level of skill greater than NSA, GRU, Mossad, etc.

This is just the thin edge of the problem with attribution
,

I agree and I don't think anyone in their right mind thinks attribution is easy, simple or guaranteed. It really isn't.

I could go on in greater depth, but by now you and others reading along have got a taste of the problems involved and can see why you have to take great care not to fall into the "assumption trap".

Again, this isn't something I disagree with - it is just that avoiding the assumption trap shouldn't also mean discrediting everything, every security company in the world reports.

If this was entirely a US Government report, based on entirely US Government sources around a hack with only oblique interest to Russia, I would fully agree with you that the weight of evidence was weak (i.e. North Korea hacking Sony).

However, that isn't the case here.

Sticking with your duck/geese analogies:

1) sometimes the thing that walks like a duck and quacks like a duck is actually a duck.
2) if Chris Packham says "that bird is a duck" and a random person on the internet says "Its a goose, why should you believe Chris Packham, he doesnt know anything", you should actually believe Chris Packham. He knows what he is talking about.
3) If Chris Packham says "That bird is a duck" and random people on the internet say "no it isnt, we cant ever know what it is because working out the species of a bird is too difficult without being able to grab it and inspect it yourself, and even then you dont know if it is a donkey disguised as a duck to trick you", you should still believe Chris Packham.

Assumptions are a problem but we live our lives with them, we just pretend they are something else.

If a subject matter expert you trust on everything else within their subject says something about their subject you cant immediately disprove, its probably a good bet to believe them.

mozJanuary 10, 2017 3:06 PM

@Clive

It's what false flag operations are all about and none of the SigInt agencies are sufficiently omnipotent or omnipresent to give that level of confidence. We saw this major failing with the SPE attack.

And yet that's also an assumption. Sometimes you have a guy sitting in the same room. Maybe the other person in the Room when Putin got the report on Podestra's mails? Maybe the webcam in APT28's girlfriend's apartment? Maybe a small implant in her cat's collar. Maybe a small robot fly with video and audio in APT29's operations room?

If they didn't have these things when the attacks started, then it was the NSA's job to work to get them in place before they finished. In most cases they wouldn't be able to tell us or even hint their level of certainty, but they should get together a better story. You are probably right they failed. Too much time spying on soft targets in their allies.

GreenSquirrelJanuary 10, 2017 3:13 PM

Always be suspicious of "a clear and obvious link" when playing at this level.

Turn the question on it's head and ask "In who's interests is it that Hillary did not get ellected?"

You will then start down on a more interesting path... But beware of the obvious it will lead you astray.

Just remember they are all assumptions as well.

Yes, be suspicious of the clear and obvious link but if you spend your life ignoring the obvious because you are searching for hidden meaning you miss the thing hidden in plain sight.

Sancho_PJanuary 10, 2017 5:46 PM

@65535

From their:
“We know it because we spy on their highest rank’s communication”
we can see the usual pattern:

They had bulletproof intelligence but did not protect the United States.
They always watch until disaster strikes.

I’ve lost faith not only in the USA IC, see: “Do you want Hillary or Donald at the top?”

Wait until the Donald is accused a traitor because of alleged connections to Putin, and Obama is back.


@GreenSquirrel

You have a point, no doubt.
Right, to seek for evidence is the wrong end of the stick - evidence is simply impossible.

What makes me boil is the IC’s “we know everything since computers exist, we’ve never influenced or harmed anybody, on the contrary - and we saw them coming, we saw their threats, and still we can’t stop them” whining.

It’s not a question of their will: They can not protect us.
That’s the sad point.

The Russians have invented computers and the Internet.
The Russians do better.
Probably they can.

rJanuary 10, 2017 5:47 PM

@NM,

I'm not supposed to respond to you, but

Are you threatening us with your impotence?

Civil society doesn't care about what you practice in front of the mirror at night, please for the sake of dignified relations grow up. If you have a list of qualifying information related to the CIA NSA or FBI and their exploits then please by all means - publish it - don't hold back dribbling like a retard you're making a mess of the floor.

Better yet, explain to us how the GRU operates on a day to day basis I don't think there's ever been a public leak from them. It could be illuminating to see how the other side plots and schemes or at least thinks, because the meta we're seeing behind your thought process now is pretty much a flat eeg.

PASTEBIN it, it's what Nick P would do - or any other proud data archivist for that matter.

Have respect for your peers, if _some_ of us are not your peers - then why are you here?

SkepticalJanuary 10, 2017 6:36 PM


@Dirk: ...the simple fact of the matter is that a decisive part of the American population has lost faith in the political system of a republic that has turned into a plutocracy favouring the rich and powerful only...

The United States has always combined a deep cynicism about politicians and their motives - and politics in the United States was once a FAR rougher sport than it is today - while still maintaining a deep loyalty and allegiance to the institutions of the government.

The belief you articulate is a running theme in US politics. It was perhaps most famously first exploited by Andrew Jackson, but it has deeper roots. It is a kind of populism that has fueled good movements (Progressivism) and bad movements. It's a part of American culture. There's nothing particularly new about it, though each generation seems to rediscover it.

The bewildering part for many foreign observers is how that component of American culture exists so comfortably with consistently high levels of patriotism.

So, I don't view Russia's airing of insider Democratic politics, snide comments and all, to be a threat to faith in US democracy.

Quite frankly, the notion that exposing such insider politics would have any effect on American views towards democracy is ridiculous to anyone deeply familiar with US culture.

I also fully expect foreign governments to treat US political parties and presidential candidates as legitimate espionage targets. I'd expect nothing less, and history teaches us nothing less.

That's intelligence collection.

When one begins to publicize, deceptively, the fruits of one's hacks and thefts, then one is engaged in an offensive information operation; you're no longer gathering intelligence. You're disrupting the operations of a political enemy, weakening key relationships in certain groups, and grabbing precious airtime for stories of your own choosing.

And that's what they did - they walked into America's house, pilfered private papers and messages, chose some of those calculated to cause problems, and released them at times considered most harmful to their targets in the campaign.

But - and I can't emphasize this enough - the US has centuries of tradition of a free press, and rough and tumble elections, co-existing with faith in democracy and in the democratic system.

Yet in undertaking this ill-advised foray into American politics, Russia has open itself to reprisal at its weakest, most brittle point. And if you doubt that a reprisal is ongoing, or in preparation, you're kidding yourself. We can tease the Americans for taking themselves too seriously - but they really do take their elections seriously, and there will be reprisals that will hurt. This was just a dumb ground for an autocrat to pick a battle on in the internet age - and I can't imagine China is too thrilled with the degree of unrest this has caused, much less with the prospect of a trade war. Needless to say, of course, the entire affair also just further confirms Europe's view of Russia as the addled bear (the Chinese view is... less polite). The cowboy these days is named Yuri.

Is it just me, or have Russian influence operations really suffered a loss in quality since the Cold War days?

rJanuary 10, 2017 7:15 PM

@Clive,

Reliable attribution at the network level no, reliable attribution at the application level from the network level?

Now that's a horse of a different color, how much do you think Mossad shares with GCHQ?

I think you're grossly oversimplifying today's environment, no offense please.

rJanuary 10, 2017 7:16 PM

of the application level from the network level

Maybe with enough IoT you can even break into the biometric level.

rJanuary 10, 2017 7:22 PM

We'd have to be fools to believe that all IC's are a homogeneous group.

Garanteed there are identifies, custom encryption exploits infrastructure the list doesn't stop there to flatten the landscape into simple "ip spoofing" is a mistake.

This is why we track snowden disclosures, to understand capabilities and implementations.

Both of which are guaranteed to differ.

rJanuary 10, 2017 7:36 PM

@Clive, CC: Mod

Sorry, there's alot to read here I see you covered larger than "ip spoofing" my apologies. The only thing I listed that I think Mossad wouldn't share with GCHQ was customized encryption - which qualifies as application level but I really don't see Mossad using it during an official op as they would have their own.

You really think a full blown op would have the foresight to communicate using someone elses tools in a hostile environment with the NSA potentially watching?

Fool's errand maybe, it leaves the doors potentially WIDE open to your cover.

rJanuary 10, 2017 7:55 PM

Plus, this stuff occurred not just over a single instance - but it was a sustained operation. Sure somebody reading Snowden could've adopted a generic solution: AES or the like and that would explain the NSA's "50%" BUT - is this just one event amid a group of unrelated others? Ukraine, MH17, France, Turkey, Israel?

Maybe somebody grabbed a nail gun and fired a couple rounds in a pre-existing floor, it's possible but how improbable can it be?

rJanuary 10, 2017 8:01 PM

Because of the national security implications we don't know what they have, and it's a good idea to stay mum on your exact numbers and processes for this exact reason - you don't want others basking in wool suits that are cover for your eyes. It's counter productive.

Israel is capable within absolute certainty, but are they sufficiently motivated for such a sustained event?

W0January 10, 2017 8:17 PM

"Obama decided not to make the accusation public before the election so as not to be seen as influencing the election."
Sorry, this makes no sense at all.

Thomas_HJanuary 11, 2017 4:47 AM

@Sancho_P:

Starting with character assassination?

Trump rejects new 'compromising' Russia claims

Now it's likely that Trump does have some truly compromising baggage, but this just reeks of "way too convenient to show up at this point". According to another news item on a local news website, the info comes from an ex-MI6 employee who was hired by US anti-Trump parties to investigate what the Russians knew on Trump, and of course it's those darn Ruskies at it again. It's completely illogical in light of the claims in the earlier TLA report, doesn't answer why the TLA's couldn't find this information on their own, and very suspiciously timed.

So are we just seeing in the open the way certain groups pressure future US presidents in doing what they want the POTUS to do? And since Trump has basically publicly indicated he would continue doing his own thing despite internal meetings aimed at steering him the chosen strategy is "divide and conquer" by driving a wedge between Trump and his perceived puppeteer Putin?

If so, then the USA has much worse problems than electing Trump president...

Clive RobinsonJanuary 11, 2017 7:29 PM

@ Greensquirrel,

I'm actually quite serious about asking not "Who Wants Trump" but asking "Who Does Not Want Hillary".

It's a point everybody realy should be considering, because the "Putin wants Trump" argument is actually not a particularly good one, and they should stop being "led by the nose" on this and start actually taking a look around.

It is public information that the CIA had at a senior level a hard on for Hillary, sufficiently so that at least two of them made their support public... This is grossly partisan behaviour and I am flabagasted that alarm bells have not been ringing at 180db in US citizens heads.

It is reasonably well known that the CIA, FBI and NSA are involved in a major turf war and that was made blindingly obvious to everyone post 9/11. The fact that the CIA so obviously had the hots for Hillary is more than sufficient to explain the FBI's Comey's behaviour with regards his response to the Republicans. Further it raises the question of why the NSA is not agreeing with the Russia hacked the election rehtoric from the Democratic camp, when you consider they failed to spot any Russian Hacking. You can not argue the NSA were to stupid to see it in one breath then claim they are all powerfull in the next which is what people have been doing.

Further today we find the CIA has been medeling yet again over a bunch of vagueness from anonymous --presumably rewarded-- sources compiled by an ex MI6 individual working for a company hired by the Democrats to "Find dirt on Trump". The only piece of information that was not so vague it could be factually checked turned out to be compleatly invented... Yet the CIA managed to get two media outlets to publish it, whilst every other news outlet had been treating it with a great deal of suspicion for very obvious reasons. Does this not strike US citizens as very odd?

Personally I think people in the US should stop looking half way around the world chasing grandiose accusations that actually amount to next to nothing and look a lot closer to home.

In the three way game of chess that is the "IC turf war" in the US the CIA lost their queen to be. So they are now trying to salt the ground for somebody else's king in waiting. I'll let you work out who is going to benifit most by the toppling of Hillary.

GreenSquirrelJanuary 12, 2017 1:51 AM

@Clive

I'm actually quite serious about asking not "Who Wants Trump" but asking "Who Does Not Want Hillary".

I know you are. I am not saying that this isn't a valid line of reasoning, but it isn't automatically a better way of establishing things than basing it on who wants Trump.

The reality is that the choice of who wants trump/who doesn't want hillary is almost certainly going to be driven by which gives the outcome you prefer.

It's a point everybody realy should be considering, because the "Putin wants Trump" argument is actually not a particularly good one, and they should stop being "led by the nose" on this and start actually taking a look around.

Except it is actually a good argument. Putin had a better working relationship with Trump prior to his entry into the race and the indications are very strong that this will continue and build during Trump's presidency. Trumps viewpoints regarding things like Nato and other geopolitical areas are much more aligned with Putin's interests than (for example) Clintons - as she largely represented the US political status quo.

I will agree that Putin wants Trump isn't a good enough argument for "Russia Did It" on its own, but it isn't on its own. That's the point.

Further it raises the question of why the NSA is not agreeing with the Russia hacked the election rehtoric

Except the NSA does agree with almost all of the APT28 attribution. There is one area where they only agree with medium confidence. That is significantly different from saying they dont agree.

Personally I think people in the US should stop looking half way around the world chasing grandiose accusations that actually amount to next to nothing and look a lot closer to home.

This sounds reasonable but flies in the face of the available information and, at the moment, largely amounts to a conspiracy theory which would require Machiavellian planning and a level of secrecy largely unknown across the world.

While it can be argued that no single bit of evidence is overwhelming, the problem I have with the "someone else did it" (or even the implied FBI did it from here) is that, for it to be valid, you have to ignore 99.99% of the evidence and give greater credence to the 0.01% which is largely supposition and assumptions.

Saying people should think that the FBI hacked Clinton because the CIA supported her is beyond an extraordinary claim. Believing this on the basis that the evidence looks like the Russians makes close to no sense.

If you feel there isn't enough evidence to say the Russians did it, you have to bear in mind that every competing theory has less evidence.

Dirk PraetJanuary 12, 2017 6:40 AM

@ Clive, @ GreenSquirrel

If you feel there isn't enough evidence to say the Russians did it, you have to bear in mind that every competing theory has less evidence.

As another commenter pointed out earlier, we probably need to differentiate between which part(y)(ies) breached the DNC systems and who actually passed those documents on. For me, the most likely theory still is that it was done by a disgruntled Sanders supporter and I find it pretty odd that despite being so obvious it almost bites you in the nose, this venue nowadays seems to have been abandoned by all but a few lone conspiracy theorists like @Clive and myself.

I believe the discovery of APT28/29 on the DNC servers for the IC represented a golden opportunity to spin the entire story into a narrative that not only furthers anti-Russia hysteria but also discredits a president-elect many within the US IC and political establishment perceive as a clear and imminent danger both to national security and their own interests. That's means, motive and opportunity.

It's probably safe to assume that in the time to come we can expect more "leaks" like the report of that former MI6 person, and which I highly doubt the Russians had anything to do with. Making it again quite obvious that there's more at work here than meets the eye.

Clive RobinsonJanuary 12, 2017 7:22 AM

@ GreenSquirrel,

Firstly you need to expand your comment of,

I will agree that Putin wants Trump isn't a good enough argument for "Russia Did It" on its own, but it isn't on its own. That's the point.

It reads as though you are saying it was not just Russia, but Russia and another entity/country.

Secondly with,

That is significantly different from saying they dont agree.

You are saying someting I did not say. It's not a two value argument, therefor you can not just invert things. To see why, think of the simple case of -1,0,+1. I said the NSA are not doing +1, you have inverted that to say I'm saying -1.

What I was saying --at the time-- was that the NSA did not say it agreed with the proposition presented by other US IC. I did not say that they had disagreed with it.

Thus to make things clear befor people start claiming the same with me. I neither agree or disagree with the proposition, to be honest it is of little interest to me as there is nothing unique about propoganda and data hacking separately or combined (need I say fairycakes to you?). We have very good reason to belive the US has done similar repeatedly in many European areas during the Obama Terms (even Mummy phoned in to complain).

What I take question with, is what is being done, and how it's being done and way less the probable --political-- reasons why. And I have disagreed with this US behaviour since before China APT and disagreed with it. Because it misleads the US Citizens for political and economic reasons and thus they fail to take measured and appropriate decisions thus actions. Worse perhaps is that those "commercial organisations" you are making claims for have fallen into line repeatedly with the political rhetoric. Need I remind you of what the AV companies "were not doing" about protecting their paying customers from Government malware etc...

All this current "Russia Inside" noise is in reality a storm in a tea cup trying to be worked up into a tempest by a tiny group of self interested individuals. Even in the unlikely event it is true that a vast majority of US citizens changed their opinion because some --probable-- truth was made available to them does not change the fact that it's not going to realy change anything other than distract attention away from highly questionable behaviour by that tiny group of self intetested individuals.

As I've repeatedly said "extrodinary claims require extrodinary evidence" when it comes to diplomacy "done in public", further they also require clean hands and an honest approach by trustworthy individuals. None of which we are actually seeing, thus you have to consider not just who benifits but what harms it causes everybody else, which is not what is happening, which means the harms are almost certainly on their way to most US citizens and many others besides.

The simple fact is people are being led by the nose by the tiny group of self interested individuals. That group has played the nationalist tribal card harking back to "Reds under the bed" and "Unamerican behaviour" that in the past caused immense damage to the USA, not just it's citizens but it's global standing as well.

But worse it's hoodwinked people into beliving that it's being impartialy investigated, when the reality is it is pretty much all cognative bias, seeking not the truth but spin to justify with.

Science shows that a hypothesis can be proved in one of two ways, firstly look at indicative and testable evidence, which is usually cognitively biased as that was generaly how the hypothesis was thought up. Secondly and much more importantly prove the hypothesis to be false.

What we over ridingly see in this "Russia Inside" is trying to grab any straw to try and "make it so", whilst failing to investigate why it might be false.

Remember that the hypothesis of "Russia Inside" is that "Russia significantly and materialy affected the US election such that Hillary Clinton Lost". There is actually no evidence so far given that she did lose by Russian action, there is however sufficient evidence she actually won the majority of votes, and it was the US voting system of the electoral college that caused her to lose.

Therefore the "Russia Inside" hypothesis has kind of failed at that point. Which is something people appear to be forgetting. Thus the solution to the problem would appear to be to fix the peculiar US voting system, because the stated purpose of the electoral college is to "keep out the unfit from office" well if the US statments that Donald Trump is unfit are to be belived then clearly the electoral college has not just failed it's done the opposite of what it is designed to do... So why are we not hearing about changing it, could it be that the fact historically it has disproportionately favoured candidates of southern origin is seen by the political class as more important to their self interest?

So if the original "Russia Inside" hypothesis is a dud and it certainly appears to be so, two questions arise. Firstly how do you have to change the hypothesis to not be a dud? Secondly if you do make those changes what are the implications of those changes?

Importantly how much harm will the making of the dud hypothesis true do, due to the activities that will follow as night follows day?

We've already seen one proposal of making the voting system "Critical Infrastructure". Which I personaly think would be an absolute disaster for the US citizens as it would almost certainly be used to "prevent the wrong sort of voters". Historicaly that is realy bad as it led to significant civil unrest, sanctioned guard labour brutality and much worse including extrajudicial executions, not just in other countries but the US as well. It's very definitely a "You don't want to go there" option, much like running in a bear trap laden maze.

Thus ignoring that the "Russia Inside" hypothesis is as was originaly presented false and running around trying desperatly to make it true is not likely to be good for the US citizens, most likely the very opposite.

There is thus no room to carry on being led by the nose down the cognitively biased road, it's way to dangerous. The alternative route has to be taken. Then and only when what is left is credible do you calmly sit down and consider careful and measured actions.

But of course that is to inconvenient for that small self interested group, after all what other things might come out about them if we do?

A few days ago Bruce invoked British author Sir Arthur Conan Doyle and the methods of detection that it in turn invokes. The simple fact is I don't see anybody using them properly with the "Russia Inside" claims, just lip service. Nor do I see the proper use of hypothesis testing being done. What I see is "Rabble Raising" behaviour to incite the crowd to a lynching.

I guess each to their own, after all what is the harm with "The witch finder" method of justice? After all if you sell faggots and stakes it's good business and draws the rabble nicely to watch the flames burn there own..

But much as I dislike it, on a political note, for some considerable time it's been clear that for the average US citizen that their standing in the world is dropping as is their standard of living and their ability to plan for any future without fear and uncertainty. All of which damages their health and in turn shortens their lives.

They are losing their homes, their health care, and seeing ever increasing numbers of their children being imprisoned, whilst the 1% of the 1% gain ever more wealth and apparent immunity from their actions. Most US middle class know that they are now at best third class citizens. All the while the "same old same old" US administrations irrespective of party pass more and more legislation to keep that trend going. Jobs go out, poverty and sickness comes in and education and the real cost of living keeps rising well above any wages. All of which is made worse by the theft and devaluation that quantative easing does.

What these citizens also see is not just their jobs going, but they get shown by US MSM that the old "Red Nations" along with other supposadly third class nations --of Brazil, China, Eastern Europe, Far East, Mexico, India, Russia etc-- are where those jobs are going to. They also get told by the MSM of the economic rise of these nations apparently at their expense, with the 1% of the 1% profiting greatly from the rise of these nations again at the expense of US tax paying citizens and those who hope to find work.

These US citizens at the bottom also understand the power of surveillance, they use it against the hated guard labour of the privileged, unfortunatly they are not yet as aware that it works both ways, and a net is slowly but surely drawing them in, but they are learning, faster than most because they are on the sharp end of the stick that drives them into the concrete and iron cages of the highly lucrative private prison business.

Thus Donald Trump comes along, he's not a despised politician, and he's definitely,not a GOP acolyte. He gave the Republicans a choice anoint me or lose to the hated Hillary. They did the calculation and capitulated and tried to smile about it, figuring that they would gain in the houses off of the reflected glory and thus be able to get their way when he was in power. But Trump says very loudly he can fix the things that are hurting the majority of US Citizens, that the GOP don't want changed. He says he's going to do this by making the 1% of the 1% pay their due, and pulling jobs back to the US and keeping foreigners out.

But worse, much worse of all for the global US corporates in their lucrative tax havens, by tearing up the Trade Treaties with the secret clauses that they and their lawyers had worked so hard to get. Those clauses that would have handed them a level of power over Sovereign Nations that even the US Government or Stalin could only have dreamed of less than a decade ago. Thus it's fair to say that whilst the US citizens might well want "The Donald" neither the global corporates who fund the Republicans, or the Republicans want him, he's a loose cannon that has to keep firing off tweets and catch phrases, but knows he's going to have to deliver a lot lot more than Obama failed to do. Which means he's dangerous to a lot of people with a lot of money to loose.

Add to this the latest bit of CIA endorsed nonsense --from an Ex and apparently now deluded MI6 man-- payed for twice over not just by Trump detesting Republicans but Democrats as well and the CIA are starting to look very partisan to even US citizens. Likewise the US MSM are loosing credability as well. How this is going to play out over Trumps first term is anybodies guess. But one thing is reasonably certain is that of Trump and Hillary, Trump is the least likely to push foreign nations politicaly, economicaly however is the opposit, and that is going to be a lot lot more interesting.

But remember the "Trump Effect" is not just a US phenomenon. Look at the UK and Brexit, 2017 is going to prove very rocky for EU stability with just under a half of the nations having significant votes. They and other WASP nations are seeing a return to nationalism be it by left or right wing politics. Whilst it might be seen by the MIC as lucrative times ahead, most others are going to see the opposite, because trade needs nationalism like it needs a maze with bear traps. It could easily start yet another global slowdown, which the critical natural resource rich nations including Russia and China will do better out of than those who have used or squandered their natural resources thus become dependent on those critical natural resource supplying nations. At the end of the day, land is only realy worth what you can grow on it or dig out from underneath it, industry has wheels not just on it's machinery but on it's ability to move. The US and other WASP nations have exported their industry, and become dependent on imports not just from the now foreign industry, but the energy that powers industry and the resources that feed it. Thus what real value incentive has industry to up sticks and return to any given area of land, especially if it's going to cost more not just in the short term but the long term?

Thus you need to consider, if as some claim Trump is friendly to Putin and resource rich Russia it might just be better for the majority of US citizens, than Hillaries all to public hate and loathing. Thus regardless of how the US got there and the arguments it has caused --which is not new either-- the real questions to be answered are, is it going to be better for the US citizens in the short term? and the long term? The "Russia Inside" question is in comparison just froth in the wind.

RatioJanuary 12, 2017 7:51 AM

@Clive Robinson,

I will agree that Putin wants Trump isn't a good enough argument for "Russia Did It" on its own, but it isn't on its own. That's the point.

It reads as though you are saying it was not just Russia, but Russia and another entity/country.

No, @GreenSquirrel is saying that "Russia Did It" can't be based solely on the argument that Putin wants Trump, while adding that that isn't the only argument.

TatütataJanuary 12, 2017 10:38 AM

Re: 10 January update.

The UK’s role suggests that the compromise of email exchanges among senior Democrats was spotted when voice intercepts, computer traffic or agents picked up content of the emails flowing towards Moscow.

Blighty sniffing US traffic touching her shores, and disclosing the findings to the cousins in a somewhat deniable fashion?

Shades of bloody Zimmermann telegram...

My goodness! It's was 100 years ago, to the day!

GreenSquirrelJanuary 12, 2017 3:26 PM

@Dirk Praet

For me, the most likely theory still is that it was done by a disgruntled Sanders supporter and I find it pretty odd that despite being so obvious it almost bites you in the nose, this venue nowadays seems to have been abandoned by all but a few lone conspiracy theorists like @Clive and myself.

It has possibilities but things like Occams Razor tend to get applied.

Every suggested alternative to APT28-Russians adds layers of complexity which fail to align to the available evidence.

When the IR people started looking at this, they will have considered the insider threat first and been busy capturing data to see if they could prove that. So, in this instance, it is a disgruntled Sanders supporter who is technically literate enough to exfiltrate data without leaving any traces which could be recovered by some leading digital forensics companies.

While this is possible, it feels less likely than "It was the Russians" and would need some extraordinary evidence to make me believe it.

I believe the discovery of APT28/29 on the DNC servers for the IC represented a golden opportunity to spin the entire story into a narrative that not only furthers anti-Russia hysteria but also discredits a president-elect many within the US IC and political establishment perceive as a clear and imminent danger both to national security and their own interests.

The first reports of this were from private sector companies. In this instance the US IC jumped on the bandwagon rather than led the narrative.

It's probably safe to assume that in the time to come we can expect more "leaks" like the report of that former MI6 person, and which I highly doubt the Russians had anything to do with. Making it again quite obvious that there's more at work here than meets the eye.

I agree we will see more leaks like this but I don't think they do anything to change the attribution of the DNC hack. They are unrelated events and show more the susceptibility of the press and the public to jump at the hint of a news item.

GreenSquirrelJanuary 12, 2017 4:13 PM

@Clive

It reads as though you are saying it was not just Russia, but Russia and another entity/country.

As Ratio says, that isn't what I meant to say.

You are saying someting I did not say. It's not a two value argument, therefor you can not just invert things. To see why, think of the simple case of -1,0,+1. I said the NSA are not doing +1, you have inverted that to say I'm saying -1.

Ok, you said why the NSA is not agreeing which I took as you saying the NSA were disagreeing with the rest of the IC. If that is incorrect, sorry.

My point was, however, that the NSA does agree with the assessment. The only variation is one indicator which has a slightly lower confidence in. The overall position by the DHS, FBI, CIA, NSA, DOD (and I assume every other agency involved) is the same as the position taken by the civilian security community in that the hack was APT28/29 and APT28/29 is the Russian Government.

The difference with the NSA assessment is that they only have medium confidence that this statement is true:

We also assess Putin and the Russian Government aspired to help President-elect Trump’s election chances when possible by discrediting Secretary Clinton and publicly contrasting her unfavorably to him.

They report that the CIA and FBI have high confidence this is true which implies this comes from a HUMINT source rather than SIGINT.

This is the only disagreement between the NSA, CIA and FBI in the reported data.

Worse perhaps is that those "commercial organisations" you are making claims for have fallen into line repeatedly with the political rhetoric.

These organisations (they are commercial, you don't need to put it in quotes) are from different countries with different political drivers. They often don't agree with government positions and they would love to be able to disagree with each other.

Rather than seeing this as falling in line, this is actually them all reaching the same conclusion looking at the evidence. Just to be clear, at least one of the companies involved is actually Russian. If you think they are falling in line behind the US IC then the rabbit hole is too deep for you to see your way out.

What we over ridingly see in this "Russia Inside" is trying to grab any straw to try and "make it so", whilst failing to investigate why it might be false.

Far from it. Russia ran an information op against the US. Its the same as the US runs against Russia and other countries. This one was effective.

It isn't clutching at straws - and is certainly less straw than saying "its something else, anything else" which is what the competing theories are.

Other lines have been investigated. There is no evidence for them and while a lack of proof is not proof, it does mean you should go down the route you actually have evidence for.

Using the science example, if you have a theory that antibiotics kill bacteria, you do a test and see it happens, you don't suddenly decide oh maybe it wasn't the antibiotics, it might have been phase of the moon and the alignment of taurus in the waxing moon.

The security researchers working on this are actually pretty good at their job. Why do you think they've completely failed to consider anything else here and why do you think the evidence which matches the hypothesis should be ignored because a different hypothesis, which has no evidence, simply provides an alternative theory?

Remember that the hypothesis of "Russia Inside" is that "Russia significantly and materialy affected the US election such that Hillary Clinton Lost".

Nope. It isn't. The hypothesis here is that a group acting on behalf of the Russian government hacked the DNC in an effort to influence the US election. There is evidence that this did work but you've added a lot of specifics which no one is claiming.

Creating a strawman to destroy in support of your alternative theory doesn't make sense.

As I've repeatedly said "extrodinary claims require extrodinary evidence" when it comes to diplomacy "done in public", further they also require clean hands and an honest approach by trustworthy individuals.

I have two issues with this.

First off - the problem with diplomacy is that it rarely works in an open and honest manner. Most diplomacy involves closed door meetings with significant variations between publicly stated positions and the reality of what is agreed. Demanding open and honesty in this situation seems a bit pointless.

Secondly, which claim is the most extraordinary?

A) A government with known info-ops capabilities conducts an info-op to provide material for a favoured politician during the election cycle in a nation with which they've had a "competitive" history for decades. This is carried out using cyber-TTPs which have been associated with the government for at least six years in a manner consistent with the training and doctrine their intelligence agencies follow and, as they are governed by an ex-Intelligence Services officer with Cold War experience, fits in with their overall global plans.

B) A secret cabal or disaffected insider uses their technical mastery to carry out the info op and leave a nice package of false-flag data without once doing anything which then compromises them. They do this for an unknown reason and have no history of ever operating in this manner. They cover their tracks to such a degree that despite multiple security vendors searching for tracks, nothing is found and no one involved in the activity ever leaks (or boasts), even accidentally, about how super-l33t they are.

At a very fundamental level every claim it wasn't the Russians is actually more of an extraordinary claim than it was the Russians. If there isn't sufficient evidence for you to believe it was the Russians, then I suspect there isn't enough evidence for you to believe it even happened.

Add to this the latest bit of CIA endorsed nonsense --from an Ex and apparently now deluded MI6 man-- payed for twice over not just by Trump detesting Republicans but Democrats as well and the CIA are starting to look very partisan to even US citizens.

The CIA didn't endorse the report. Don't be misled by media spin on a false news item.

Thus you need to consider, if as some claim Trump is friendly to Putin and resource rich Russia it might just be better for the majority of US citizens, than Hillaries all to public hate and loathing.

You are misreading a lot of what I am saying here, and possibly what others are saying here.

The position that Russia hacked the DNC and allowed this information to become public in order that Hillary's campaign would suffer doesn't automatically mean that is the only reason that Trump was elected. I genuinely believe that the election had a good chance of going Trumps way without the emails.

However, the emails were obviously important (and useful) enough to Trump to be repeatedly used by his campaign so someone must have felt they had an effect.

I am also not saying that a closer relationship between Russia and the US is a bad thing. It may make the world more stable but it may not. Its interesting that the US is happier to build bridges with its traditional enemy rather than its southern neighbour but that could have multiple drivers.

The point there circles back to what you said about open and honest diplomacy - if you believe in it, you cant support the idea that Putin influenced the election to even a small extent.

The people who scream "Jail Hillary" during the campaign weren't saying "Lets be friends with Russia." However the got the latter not the former. The RIS activity gave an unfair advantage to one side of the political campaign and is likely to lead to ties which most voters wouldn't have supported had they known about it.

I find it confusing that arguments about exceptional evidence and open democracy are being used to support evidence-free conspiracy theories and giving tacit approval to covert information-operations which altered the elections of a sovereign nation.

When the UK or US do this countries we are, quite rightly, at least annoyed if not outraged. If the US were discovered to be leaking partisan political information during (say) the German elections, there would (I hope) be outrage. There should be outrage about what Russia is doing here.

Dirk PraetJanuary 12, 2017 6:21 PM

@ GreenSquirrel

So, in this instance, it is a disgruntled Sanders supporter who is technically literate enough to exfiltrate data without leaving any traces which could be recovered by some leading digital forensics companies.

Folks like Ed Snowden and Bradley/Chelsea Manning were able to sneak out troves of data from heavily protected military and NSA networks. As far as I know, Manning wasn't much of a tech wiz and Snowden was a low-level sysadmin. Unless the DNC had meticulous logging and auditing in place on their internal network(s), anyone with an admin password could have run off with those data on a flash drive leaving no trace whatsoever of what was taken when and by whom. In my experience, the vast majority of organisations never bother to set up a comprehensive auditing framework because it requires additional budget for disk space, tools and expertise they'd rather spend on way more important stuff like ensuring everyone in management has the latest iPhone.

Determining what happened to a specific piece of data is not that different from recovering it. If you have no backup, there's nothing to recover. If you have no decent logging and auditing in place, there's nothing to determine.

In this instance the US IC jumped on the bandwagon rather than led the narrative.

That's exactly what I'm saying. Forensics companies found traces of spyware previously attributed to APT28/29, the IC made sure everything lead back to Russia. That's perfectly within their capabilities, and it's not like they're particularly shy of some parallel reconstruction. Nothing outlandish here.

They are unrelated events and show more the susceptibility of the press and the public to jump at the hint of a news item.

I don't think these are unrelated events. Both perfectly fit into the bigger picture of damaging Trump and vilifying Putin.

@ Skeptical

This is akin to someone claiming that given Europe's own sordid history of violence against persons from the Middle East and North Africa, they ought not be angry when ISIS or other organizations commits acts of violence against them.

If tomorrow I defecate in someone's living room at a house party, I have very little standing to be infuriated if next week someone throws up in mine. And yes, us here in Europe are extremely angry with Daesh swines killing innocent people, but we're not about to start a new crusade over it. And if the war criminals Bush and Blair hadn't seen fit to invade Iraq and make a total mess of it, that neanderthal death cult would probably not even have existed in the first place.

Sancho_PJanuary 12, 2017 6:21 PM

@ GreenSquirrel,

Please don’t call evidence what is hearsay.
I think you yourself have acknowledged that at the moment not one single point would stand before a judge.
A sheer amount doesn’t help, on the contrary, it looks like a smokescreen.

Calling it evidence poisons all your otherwise thoughtful comments.

What appears as one entity is often the result of two or more, sometimes unrelated, causes.

Btw, at first it does not matter who and why, that might be interesting to historians.

The first would be the content of the leak and which conclusions are appropriate.

It is a shame that your outgoing President is a coward.
Even mummy grabbed the phone to vent her anger.
Neighbors or not, good relations are paramount.
Obama had 8 years to close up to Putin, but he couldn’t.
A looser.

rJanuary 12, 2017 6:37 PM

@Sancho_Panza,

Wow,

So any man who may hold reservations and dignity is a coward?

And here I thought men who wouldn't throw down their arms before blowing holes in each other with .45's were cowards.

I'd hate to be the one to remind you what a real man looks like.

Seriously? Where did that come from? How about you trade jobs with a US President for a couple years.

rJanuary 12, 2017 6:39 PM

Hasn't there been enough death and mistakes at the heavy hand of interdiction? Or does that make me a coward to say publicly too?

rJanuary 12, 2017 6:54 PM

@Dirk,

Again,

Determining what happened to a specific piece of data is not that different from recovering it. If you have no backup, there's nothing to recover. If you have no decent logging and auditing in place, there's nothing to determine.

You guys are simplifying the environment, the NSA obviously is referencing the problem you're failing to address here: 50% confidence.

I am and have been fully behind the HUMINT/SIGINT difference, why is it you neglect to address a slightly neutered post-Snowden capabilities top-down view?

Do you think the NSA actually quit being the NSA sometime since 2013?

rJanuary 12, 2017 7:11 PM

Cowards do not go on sit-down strikes, tie themselves to trees, protest in front of the banks that own them with the FBI watching. Cowards hijack a polish truck driver and smash it through the gates of civility, cowards blow themselves up before they can be held accountable for their actions.

Cowards sit down at a welcoming church and wait until the final prayer to let loose the evil in their heart.

Cowards do not speak their heart to others, they hide and they lie.

It's fine and dandy to disagree, but that's one truth that will never change in the eyes of a painted face.

rJanuary 12, 2017 7:38 PM

Their hearts betray them through action, that's cowardice. I've always thought that our ears tell us what we want to hear, our eyes see what we want to see. Our hearts lie to our minds telling us that things are of need and not of want.

Can we ever decouple ourselves from our selves?

Every thing we say, everything we do leaves metaphysical footprints in the world around us.

Data to be harvested and mined, let that idea cultivate for a little while before you take your next step.

Evil will eventually betray you, through both your own hand and through others for it knows no bounds.

RatioJanuary 12, 2017 10:58 PM

@Dirk Praet,

And yes, us here in Europe are extremely angry with Daesh swines killing innocent people, but we're not about to start a new crusade over it.

It's well known that the Crusades had nothing to do with religion either.

And if the war criminals Bush and Blair hadn't seen fit to invade Iraq and make a total mess of it, that neanderthal death cult would probably not even have existed in the first place.

What exactly are you asserting?

(No need to badmouth Neanderthals.)

GreenSquirrelJanuary 13, 2017 2:33 AM

@Dirk Praet

Folks like Ed Snowden and Bradley/Chelsea Manning were able to sneak out troves of data from heavily protected military and NSA networks.

Yes, but once they had exfiltrated their data, the agencies were able to largely identify who had done what. The challenge faced with Snowden was not the how and who aspects it was the what exactly has gone.

Unless the DNC had meticulous logging and auditing in place on their internal network(s), anyone with an admin password could have run off with those data on a flash drive leaving no trace whatsoever of what was taken when and by whom.

Not strictly true. Yes you can access the data and copy it to a flash drive but this is captured in the system logs and available to the DFIR guys doing examinations. While this isn't perfect, it does mean the attack has had to be very, very lucky to exfiltrate data without leaving anything an investigator can find.

They were also amazingly lucky that it largely coincided with an APT28 attack on the same people for the same data......

I truly agree with you that most organisations are too slack on security and that the insider threat is a genuine issue. However, that is largely around one end of the incident lifecycle. Once and incident has occurred and the digital forensics teams are involved, the game changes. Significantly.

Forensics companies found traces of spyware previously attributed to APT28/29, the IC made sure everything lead back to Russia.

Again not quite. APT28/29 were identified as Russian government actors in 2014 and have been largely correlated with the SOFACY / DUKES APT groups identified as Russian in as far back as 1998.

Here the IC has shown amazing prescience in attributing the attackers to Russia two years before the attack.

In 2014 Fireeye published a report stating APT28 was a Russian state sponsored group. No one challenged it with any credibility at the time. In 2015 multiple organisations identified APT29 as Russian state sponsored.

In 2016 multiple organisations identify an attack on the DNC accessing emails which were subsequently released to the public as being launched by APT28/29.

The link to Russia was in place before the attack. The investigation identified the attackers accessing the data which was leaked.

Yes, something else might have happened but...............

Dirk PraetJanuary 13, 2017 6:29 AM

@ GreenSquirrel

Yes you can access the data and copy it to a flash drive but this is captured in the system logs and available to the DFIR guys doing examinations.

Only on high-assurance systems. The system/audit logs of traditional COTS operating systems in a default setup do not automatically log who has touched what data and when. That has to be explicitly configured and eats tons of disk space. I have done quite some digital forensics work, by the way, and comprehensive logging and auditing has consistently been one of the top recommendations in any security audit report I have ever written. And one of the most ignored, I might add.

the insider threat is a genuine issue.

It's actually your top issue 8-) I have stopped counting the number of incidents where I was called in because some former employee or associate apparently had ran off with company IP or a salesrep with the customer and contract database. Sometimes I caught a lucky break when the perp had been stupid enough to copy data using his/her VPN access the sysadmin had forgotten to deactivate. Or that some IDS component had logged attachment of an unknown external USB device to his/her workstation at a rather weird time of the day. But in many cases it was virtually impossible to make anything stick in court for lack of decent audit logs, even though all circumstantial evidence pointed in his/her direction.

APT28/29 were identified as Russian government actors in 2014 and have been largely correlated with the SOFACY / DUKES APT groups identified as Russian in as far back as 1998.

I am not denying APT28/29 had been previously associated with Russian actors, and there is a fair chance that indeed they had breached the DNC systems. But that still doesn't prove the Russian government was also behind the release of those documents, and which may account for the NSA's "moderate confidence" assessment. I also don't understand why the Kremlin would endorse publishing the fruits of an operation by means of a known APT and executed in what many describe as a seriously sloppy or even incompetent way, knowing that it would create a huge diplomatic incident. It feels counter-intuitive to say the least. There's many things to say about Wladimir Putin, but he sure ain't no dumbass.

@ Ratio

It's well known that the Crusades had nothing to do with religion either.

Your point being ?

What exactly are you asserting?

Daesh (ISIS) has a mother and a father: Saudi Wahabism and the (illegal) Iraq war.
At a recent confirmation hearing, someone asked Rex Tillerson if he would agree that Putin is a war criminal. While this is certainly open for debate, I don't think you have any idea just how revolting such a question sounds coming from an elected representative of a country one of whose former presidents by all criteria is one himself and was never held accountable for them in any way. At least in the UK there was the Chilcot report. However much I would like to believe statements that in the US the president is bound by institutions and strong checks and balances, George W. Bush is living proof that this is not the case. I wouldn't even be surprised if sooner or later some moron suggests naming a new aircraft carrier after him.

GreenSquirrelJanuary 13, 2017 8:14 AM

@Sancho_P

Please don’t call evidence what is hearsay. I think you yourself have acknowledged that at the moment not one single point would stand before a judge. A sheer amount doesn’t help, on the contrary, it looks like a smokescreen.

Evidence is evidence. Evidence applicable to a court is a world of difference but it doesn't stop the evidence being evidence. Hearsay is something different.

The information collected off the DNC and correlated with organisations used to provide the attack infrastructure is digital evidence. It is unlikely it will all have been captured in a legally sound manner and different countries have different requirements for this.

It is still evidence.

The claim that this is a false flag operation to to discredit Putin is hearsay.


It is a shame that your outgoing President is a coward.

Not my president.

GreenSquirrelJanuary 13, 2017 8:26 AM

@Dirk Praet

Only on high-assurance systems. The system/audit logs of traditional COTS operating systems in a default setup do not automatically log who has touched what data and when.

The issue here is the level of detail needed. As an example,

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR
does capture the USB activity and you would expect a competent DFIR investigator to check this and try and correlate the connections with other timestamps to establish the events leading up to the data loss. It wont say who but it will say USB device connected on $date.

I am not disagreeing for even a nanosecond the fact that audit and logging is invariably crap, however it is one of many tools available to an investigator - and even though I am not a seasoned digital forensics expert, I have carried out incident investigations where we have been able to identify insider misuse despite poor logging.

But that still doesn't prove the Russian government was also behind the release of those documents, and which may account for the NSA's "moderate confidence" assessment.

I agree.

This is a very different issue though and isn't one supported by saying the private sector work was wrong.

Worryingly it also smacks a little bit of the god of the gaps in that we are now looking for more and more specific edge cases to try and disprove the overall assessment.

Is this really a case of us saying that the Russians hacked the DNC, accessed the data which was leaked to Wikileaks and by a lucky coincidence an insider took the same data and leaked it without any interaction with the Russians.

It is possible.

However - there is no evidence which currently supports this theory and it adds extra layers of complexity with an associated reduction in probability.

Sancho_PJanuary 13, 2017 9:52 AM

@GreenSquirrel

”It is still [digital] evidence.”
I strongly disagree with the term “evidence” in this context.

To be evidence it must comply with at least three points:

a) Trusted source (e.g. certified system, not COTS)
b) Trusted handling (e.g. not all investigating a "copy"
b) Reproducibility (e.g. defendant has access to a) and b)

For the intangible digital information this is nearly infeasible,
but it is impossible with COTS environment involved (see @Dirk Praet’s posting).
What was made public fails all three points.

”… false flag operation to to discredit Putin is hearsay.” (my emph)
I did not claim that, I think it’s wrong, but I don’t like early conclusions.
On the contrary, it might be a smokescreen to hide the undemocratic actions in the democratic party, or their (TLAs) own incompetence (they did not protect America).

But it will make Putin stronger + is a further step to a serious confrontation.

And I concur with @Dirk, how can one think Putin is that stupid?
Ever heard that guy speaking? Watched his actions?

It’s a huge failure to go public with suspicions instead of confronting your [fillinwhatyouwant] directly, face to face.
I apologize for assuming this weak guy to be your president.

GreenSquirrelJanuary 13, 2017 11:07 AM

@Sancho_P

To be evidence it must comply with at least three points:

I think you are focussing on evidence admissible to a court here and like I said, every court has different rules around this.

Inadmissable evidence is still evidence.

For the intangible digital information this is nearly infeasible,

Yet digital evidence is often collected in an admissible manner and can be used in some court cases (again, depends on jurisdiction). Even when the subject of the evidence is COTS gear evidence can be collected and used in court.

The alternative would be for every criminal to simply turn logging off on their devices so the evidence collected gets thrown out.... this doesn't happen.

What was made public fails all three points.

Because what was made public wasn't legally admissible evidence being used for a court case. It was presented in a largely botched attempt to provide assistance for network defenders.

The evidence connecting the activity to a Russian, probably state sponsored APT group, was not published in that report. This is why I am intrigued when people say "it isn't good enough." Most haven't seen it...

If they work for Mandiant / Crowdstrike / Kaspersky etc., and have been involved then fair enough but in that case, I'd suggest the best way to put their competing theory forward would be to publish it rather than comment on a blog.

On the contrary, it might be a smokescreen to hide the undemocratic actions in the democratic party, or their (TLAs) own incompetence (they did not protect America).

Ok - in the spectrum of options, this is possible. Where is the evidence to support this claim? How is it stronger evidence then we have for it being Russian-led APT groups?

And I concur with @Dirk, how can one think Putin is that stupid? Ever heard that guy speaking? Watched his actions?

Why is it stupid?

If it was Putin, he has successfully influenced the election of the worlds last remaining superpower and assisted in ensuring the President of the US is someone more aligned to his interests.

Yes, there is some political fall out from the attack being investigated but it is trivial. Some diplomats being PNG'd will disrupt the FSB/SVR/GRU activities for a while but it is trivial compared to the benefits - not least of which is the demonstration that their tactics are successful.

Any repercussions are naturally limited - not least because so many people refuse to accept the data and create enough FUD that no Government will really take action about this.

It’s a huge failure to go public with suspicions instead of confronting your [fillinwhatyouwant] directly, face to face.

I don't agree. Apart from anything else, the US government doesn't feel this is a suspicion, they believe it is a solid attribution and have responded in the manner normally associated with Diplomatic engagements.

It isn't a sign of weakness or cowardice.

DavidJanuary 13, 2017 11:49 AM

@Patrick

Trump may be pro-oil/unclean energy, but economically it would be better for Russia if the U.S. became a greater importer for oil and natural gas. That probably wouldn't have happened under Hillary Clinton either with all her campaign contributions from the oil/unclean energy companies but probably more likely if the Democrats kept power.

Dirk PraetJanuary 13, 2017 1:12 PM

@ GreenSquirrel

This is a very different issue though and isn't one supported by saying the private sector work was wrong.

I never said the private sector was wrong. The only thing we can tell for sure is that apparently they found traces suggesting APT28/29 involvement, groups who were previously linked to Russia. The obvious conclusion is then indeed to assume that the Kremlin was behind the entire thing. But even when totally discarding that the tools used may have been set up or even piggybacked upon by another party, there's too much about the story that feels counter-intuitive.

It remains a most remarkable coincidence that after years of Chinese APT scare mongering suddenly the Kremlin is found to be behind this one and just at a moment the USG is strongly propagating anti-Russia sentiment over their totally upsetting US foreign policy. Furthermore, nobody seems to think the DNC documents had any decisive influence on Shillary's defeat. Which again begs the question why Putin would risk a major international incident and retaliation over an apparently poorly executed operation leading directly back to him while only marginally furthering the cause of his preferred candidate. And in a context that hardly anyone thought Trump stood a real chance in the first place. It simply doesn't add up.

In 1963, the JFK assassination by any criterium looked like a slam dunk for the prosecution. A lone gunman with strong ties to the former Soviet Union and by the name of Lee Harvey Oswald was apprehended after having fired a rifle from a Dallas warehouse along the presidential trajectory. To date, the official story as laid down in the Warren report stands, but there's exactly no one who still believes it. Whatever anyone chooses or is led to believe, do not underestimate the power of the dark side lurking in the shadows of your Republic. Especially when (M)IC interests are at stake.

@ Sancho_P

It is a shame that your outgoing President is a coward.

Despite all of his failures and shortcomings, I will miss Obama's inspiring speeches, his grace, his style and his humour. The contrast with the new tweeter in chief just couldn't be bigger.

GreenSquirrelJanuary 13, 2017 1:58 PM

@Dirk Praet

The obvious conclusion is then indeed to assume that the Kremlin was behind the entire thing. But even when totally discarding that the tools used may have been set up or even piggybacked upon by another party, there's too much about the story that feels counter-intuitive.

I cant really argue or disagree with this. But the reality is this says more about your geopolitical tendencies than anything else. It may well be valid and correct, but then again it might not be. With the information available there is nothing to support the feeling other than gut feeling.

Furthermore, nobody seems to think the DNC documents had any decisive influence on Shillary's defeat.

Fairly subjective and largely impossible to ever determine. During the election cycle, the documents were repeatedly used to discredit Clinton so it feels to me that Trump's campaign believed there was value in them.

While it may not have swung many voters, in the US election process it doesnt have to. It just have to influence a few. We may look down our noses as the value of opinion polling but they do seem to show that news items related to the leaked emails did have a measurable impact on voting intentions.

The point of interfering with other nations election systems is not to deliver a single overwhelming move, it is to provide a slight nudge in the right direction - look at how the UK & US have interfered with other nations elections (short of invasions). It isn't with a big, spectacular, event, it is with a series of small pushes.

Which again begs the question why Putin would risk a major international incident and retaliation over an apparently poorly executed operation leading directly back to him while only marginally furthering the cause of his preferred candidate.

So, a few things:

1) There is no real risk. What has Russia suffered as a result of this?

2) The operation wasn't poorly executed. The infiltration was successful, the leak was occurred and Trump was elected. Without knowing the operational criteria, that seems to be a success.

3) We cant know if it was "marginal" or not - and this is a decision taken with 20/20 hindsight. In the run up to the election few people thought Trump would be elected so it is possible that the operation was initiated before his victory became obvious to the Russian intelligence services. To be fair to them, the majority of the world thought Clinton's victory was going to be definite until the election was called....

The reality is every intelligence agency in the world leaves traces in their operations. Sometimes Mossad make mistakes and their agents get caught in a hotel forcing an quick exfiltration - it doesn't mean it wasn't a Mossad op, it doesn't mean it was a false flag, it just means agents are humans even in the mythical agencies.

Putin is human and the Russian Intelligence Services are human. This means they will do imperfect things, leave occasional evidence and make decisions that, in hindsight, might not have been needed.

Evidence that points to Russia is not evidence it wasn't Russia simply because "Russians wouldn't leave evidence pointing to themselves."

And in a context that hardly anyone thought Trump stood a real chance in the first place. It simply doesn't add up.

That kind of undermines the previous argument.

If Putin wanted Trump as president but believed there was very little chance of it happening he is more likely to instruct his intelligence services to try and find sufficient information to undermine the opposition. The fact that this didn't find as much as we might think would be needed to tilt the election doesn't mean they didn't try. They aren't omnipotent. Like all civil servants in Intelligence Agencies they will be a group of people trying to get their job done with the minimum amount of hassle.

Clive RobinsonJanuary 13, 2017 2:34 PM

@ GreenSquirrel,

I realy would stop if I were you because you are painting yourself into a corner.

The word "Evidence" has fairly strict definitions in the fields of endevor it has meaning in such as the legal profession and the scientific profession, medicine etc. Each time you get challenged on this you lower the bar, to the point you are now arguing in effect "It's evidence because that's what I chose to call it". You are doing this sight unseen on multiple assumptions most of which can be shown to be irrelavent or false. Thus what you are saying is you are behaving like an authoritarian follower... Which is the same behaviour for which "I was only following orders" is so infamous.

Outside of law "Evidence" is something that can be tested and verified by any competent practicioner in the field of endevor. In law there is an acception for "eyewitness testimony" that is it has to be first hand knowledge and sworn to in court or where that is not possible by written and witnessed statment. The law is also polite enough to give anything that fails this the name of "hearsay" rather than "A load of old b*ll*cks"

Even you have admitted that you have not seen the supposed facts, you just assume they are factual. Further you assume that commercial entities are trust worthy, most people these days would ask you something along the lines of "do you know about the bank crashes and to big to fail?" or "What about Enron" or a multitude of other commercial organisations.

Further you talk of assumptive events not being questioned in 2014 and make unwarranted forward assumptions.

Then the big issue of the release of the documents. Having not seen them you say those allegadly taken on behalf of the Russian Government are the same as those hand delivered to Wikileaks.

Most people around here would know that that is an unsustanable view point because it's well known that Wikileaks has a history of selective release and there had been know release from the Signals Agencies to compare anything against. So it's not a supportable statment plain and simple.

However you then go on with some realy odd claim that this proves it must be the Russians because two seperate entaties grabbing the documents is to much of a coincidence. When you keep claiming that atleast two APT organisations were after the same data... According to what you assume are trusted sources...

Well try applying a little common sense and you will see why such a coincidence is more than probable but highly likely.

The fact that it's claimed that two apparently unrelated APT organisations should realy tell you something.

That is they are at best "arms length" organisations or "contractors", payed by results, not working by allegiance or as part of the command structure. Thus it's highly likely they do rather more than they get direct payment for to be not just situationaly aware but responsive when called upon. Which accounts for both the APT organisations behaviour. They know that the Inside workings of both the Democratic and Republican campaign organisations has high value. Thus the probability is that all political party campaign systems have attracted their attention.

Most people outside of the US do not see Hillary Clinton in a favourable light for various reasons, not least of which is she makes some War Hawks look tame. Thus I suspect that not just Russia but quite a few countries both on the US "5h1t list" and supposed allies have been sniffing around. In fact we know they have GCHQ was monitoring the lines that the data allegedly went down, the same is probably true for all other signals agencies on the route the data traveled. They would have done because as we know from various gaffs Hillary is not discreet and does not listen to wise council, thus she is an Intel weenies wet dream far better than most high level sources. Where there is that sort of solid platinum Intel there is a lot of gold to be made. Thus the APT organisations may have more customers than "Mother Russia"...

But that aside Hillary was screwing Bernie over in every way she could. We know that Hillary and some of her associates had very very bad OpSec even after having US security briefings on how to handle sensitive information. In short they were reckless, and we have reason to belive Hillary had real contempt for OpSec where she had any kind of control. Thus it might not be an assumption to far off the mark that the Democratic Campaign IT systems had poor or worse security.

Thus the chances are high that Hillary pissed off more than a few people who had access to those computer systems, and decided enough was enough. They don't even need to be Sanders Supporters.

Now the thing is if two or more people steal archives then even if done at seperate times they will have a very high degree of commonality, the only difference is that the one taken later will have more information in it.

As for auditing the systems, you can easily get around those if you know how the backups are done. It's a simple exploit I've demonstrated rather more times than I can remember, it's the vulnerability that most Admins and the like don't think about. Worse these days is the backups often don't happen on the actual storage server but on a seperate system dedicated to the task because it's "more cost and labour efficient". Thus anyone with access to the wire in between can tee the data off entirely unobserved by the computer security systems. Likewise the backup media is usually not that well controled so they can be copied. And there is a whole heap of other ways of avoiding those computer auditing systems, even in highly classified environments, as we well know.

Thus a pissed of insider is rather more likely than you give credit for, and as we are talking archives you would have near identical document sets.

Thus your argument it has to be the Russian's is actually not water tight by any measure of the meaning.

In fact you could argue more favourably that the Russian's would not leak the archive documents, because it would be like trying to play poker with your hand face up on the table.

As for Russia spying on US Politicos, yup the US does it to, so do many other nations, that's the Great Game in action. So there is absolutly nothing the US can do on claiming the moral high ground there, on that score they are "Lower than a snakes belly in a wheel rut" and we all know it, even you...

This is an argument that neither you nor Obama&Co can win except by trying to "talk fast whilst running with the goal posts" and you are going to get out of breath faster than those who are watching the entettainment for it's comedy value. Maybe instead of "Russia Inside" we should call it "Obama Soap" and turn it into a faux reality show.

Gerard van VoorenJanuary 13, 2017 2:46 PM

@ Dirk Praet,

At a recent confirmation hearing, someone asked Rex Tillerson if he would agree that Putin is a war criminal. While this is certainly open for debate, I don't think you have any idea just how revolting such a question sounds coming from an elected representative of a country one of whose former presidents by all criteria is one himself and was never held accountable for them in any way. At least in the UK there was the Chilcot report.

I could be spreading lies here, but according to The Guardian the Chilcot inquiry was set up ‘to avoid blame’. The problem is the sources in this news item. I couldn't find them. But they claim that it wasn't about accountability.

rJanuary 13, 2017 5:13 PM

@David,

When was the last time the democrats had power comparable to the situation we see ourselves in now?

What you call power was a crippling back and forth between two entrenched ideologies that never accomplished a damn thing, now what you have is an almost completely lopsided view of the actual country en-place and you think it's going to be better when there is a path-of-least-resistance for whatever is (not publicly) on the republican ticket?

Wake up, at least when there's more of a balance you have better representation if not actual implementability.

GreenSquirrelJanuary 13, 2017 5:46 PM

@Clive

The word "Evidence" has fairly strict definitions in the fields of endevor it has meaning in such as the legal profession and the scientific profession, medicine etc. Each time you get challenged on this you lower the bar, to the point you are now arguing in effect "It's evidence because that's what I chose to call it".

Not once have I changed my definition of evidence. I have said, on each occasion that evidence cant be simply defined as what is acceptable by the court of a chosen country. I haven't lowered the bar once.

I get that people are getting pissed because their chosen conspiracy theory isn't particularly sound, but that doesn't mean I've changed the definition of evidence as used here.

You are doing this sight unseen on multiple assumptions most of which can be shown to be irrelavent or false.

Saying this doesn't make it true. Can be shown to be irrelevant or false isn't the same as it is shown to be irrelevant or false. I could show that the Earth resolves around the moon.... if that were true, but it isn't.

Outside of law "Evidence" is something that can be tested and verified by any competent practicioner in the field of endevor.

There is nothing wrong with that definition of evidence and it is probably applicable to a lot of situations - including the research into the compromise of the DNC systems.

In that case, the evidence was provided to multiple competent practitioners in the field of DFIR and they have unanimously (at least so far) agreed it was the Russians.

Are you going to continue with the God of the Gaps and now say they are no longer competent because they've taken this stance or accept the fact the Evidence has been reviewed by people who are competent and they have all come to the same conclusion?

In law there is an acception for "eyewitness testimony" that is it has to be first hand knowledge and sworn to in court or where that is not possible by written and witnessed statment.

No one is arguing with the application of law in countries which follow the English tradition.

As I said to others, that isn't relevant. Nothing published in the DHS report claims to be evidence for a court case. No one has ever said it was, so arguing that it isn't, is just a strawman.

Even you have admitted that you have not seen the supposed facts, you just assume they are factual. Further you assume that commercial entities are trust worthy, most people these days would ask you something along the lines of "do you know about the bank crashes and to big to fail?" or "What about Enron" or a multitude of other commercial organisations.

You've gone off on multiple tangents here and conjoined a lot of concepts in an attempt to make a coherent argument.

For simplicity I will break it down:

1) I was not, and have never claimed to be, involved directly in the DFIR response to the DNC hack.

2) The facts reported by the DFIR companies are not "supposed" facts any more than the evidence provided to a trial by a Forensic Sciences Services Lab is a "supposed" fact.

3) I do not have to assume commercial entities are trustworthy just that they are competitive. To reiterate the bit everyone ignores, there is a monumental commercial advantage for any one of these companies to create a counter argument. As I said some time ago, no one with access to the evidence has doubted the connection with Russian sponsored advanced threat groups.

Further you talk of assumptive events not being questioned in 2014 and make unwarranted forward assumptions.

No. You are the one with a string of assumptions here.

You are heading down the path of a conspiracy theory supported by the argument conspiracy therefore conspiracy with the assumption any thing the government, or commercial entities say must be untrue. You claim to be avoiding assumptions but the reality is very much the opposite.

Having not seen them you say those allegadly taken on behalf of the Russian Government are the same as those hand delivered to Wikileaks.

I say that people who have been part of the investigation have stated publicly that they are the same. I am sorry if that wasn't clearer.

You have assumed they are all lying or in the pay of a secret cabal of the US government which is more able to keep secrets than any other cabal in history.

That is an assumption.

Most people around here would know that that is an unsustanable view point because it's well known that Wikileaks has a history of selective release and there had been know release from the Signals Agencies to compare anything against. So it's not a supportable statment plain and simple.

Again, no.

The reporting, webcasts and conferences discussing the DFIR involving the commercial organisations involved all report that the documents on Wikileaks are in the set of data accessed by the Russian-state sponsored advanced threat group.

Now it is entirely possible that Wikileaks have more documents which would prove a different theory but you haven't seen them either.

Your assumption here is that they have them. That is an assumption without any evidence other than the believe Wikileaks have withheld something for some unknown reason and this withheld data will be miraculously something outside the datasets captured by the APT group.

Big assumption.

However you then go on with some realy odd claim that this proves it must be the Russians because two seperate entaties grabbing the documents is to much of a coincidence. When you keep claiming that atleast two APT organisations were after the same data... According to what you assume are trusted sources...

Try again.

The use of APT28/29 is a nomenclature term which doesn't indicate two different organisations.

Just to be clear, I haven't made a claim on this - I asked you which scenario was the most likely, most credible, least extraordinary.

Coincidences do happen but based on the available evidence, the probability is against it. Your argument to the contrary is simply one which assumes there is more evidence which no one has seen that totally disproves the evidence everyone has seen.

Again, a big assumption.

That is they are at best "arms length" organisations or "contractors", payed by results, not working by allegiance or as part of the command structure.

Wait. I am confused. We cant trust the IC because they are part of the government and we cant trust the private sector because they aren't part of the government....? Ok, good job we can trust the Russian Government then.

On a serious note - the DFIR organisations involved in this have accessed more than the DNC systems. They have spent months collating data between different companies which saw different aspects of the attack. Most weren't funded by the US government to do this and lots of the data has been gathered from multinational clients.

Seriously, rather than focus on the DHS report mixed in with some conspiracy theory, check out the publications, podcasts, webinars etc. Go to SANS DFIR Austin in June and ask Rob Lee directly why the whole security industry (including Russian companies) are happy with the attribution here.

Thus the probability is that all political party campaign systems have attracted their attention.

Agreed. Which implies the release of one parties data rather than others implies a political motivation.

Most people outside of the US do not see Hillary Clinton in a favourable light for various reasons, not least of which is she makes some War Hawks look tame.

An awful lot of people inside the US dont view here in a favourable light but that doesn't change the fact it was a Russian associated advanced threat group which hacked the DNC.

Thus the APT organisations may have more customers than "Mother Russia"...

Agreed, but the APT groups identified in this instance do not appear to have any history of being "mercenary" or organised crime groups. They are a Russian state-sponsored group.

So we could argue that the Russians did the hack on behalf of the Somalian war lords but, honestly, we are moving further and further away from the evidence into the land of hearsay which everyone seems to object to.

Thus it might not be an assumption to far off the mark that the Democratic Campaign IT systems had poor or worse security.

It might not be an assumption far off the mark, but it is still an assumption isn't it? Isn't that what you keep chastising me for?

However, I don't actually doubt that the DNC IT systems had average (poor) security.

That doesn't matter. We aren't talking about the controls able to prevent the attack because we know the attack happened. The techniques used by the APT group were not witchcraft but were a step above a teenager with a kali distro and some spare time. They indicate a resourced and persistent attacker.

Now the thing is if two or more people steal archives then even if done at seperate times they will have a very high degree of commonality, the only difference is that the one taken later will have more information in it.

Agreed. So what files released to wikileaks weren't taken by the advanced threat group? You seem confident that these exist but have remained undetected by the DFIR people. Have you seen them or are you making an assumption here?

As for auditing the systems, you can easily get around those if you know how the backups are done. It's a simple exploit I've demonstrated rather more times than I can remember, it's the vulnerability that most Admins and the like don't think about.

You can, as I said days ago, with the correct level of technical knowledge you can subvert the system to the point at which a forensic investigator cant detect your activity.

However, in this case the correct level is very, very high and it isn't about attacking the backups.

One very relevant example is in the Shadowbrokers file dump - they appear to have a tool which is able to selectively edit the windows event logs without leaving an event log. If true this has significant impact for digital forensics investigators and it appears which ever insider pwnd the DNC also had this close-to-zero-day ability.

Thus a pissed of insider is rather more likely than you give credit for, and as we are talking archives you would have near identical document sets.

The concern I have regarding the insider threat is the assumption that no leading DFIR company considered this or checked for this - or that they all have such woeful abilities they can never detect insider threats. Neither of these statements is likely to be true.

There are too many assumptions in the "it wasnt the Russians" argument.....

Thus your argument it has to be the Russian's is actually not water tight by any measure of the meaning.

This is very obviously your opinion. There is no amount of evidence or argument which will convince you otherwise because there is always the missing evidence which points to your theory and simply hasn't been found yet.

No one has shown these three statements to be false:

1) An advanced threat group accessed the data which was leaked to Wikileaks.
2) the advanced threat group has been attributed to the Russian government since at least 2014 and possibly as far back as 1998.
3) There is no evidence of an insider threat actor.

Until you can do this, the strongest argument is that the group is the group which leaked the data to wikileaks.

What you do have is a lot of handwaving and vague references to other situations and allusions to conspiracies, assumptions that its not in the Russian interests or that the Russians wouldnt be so stupid etc.

If I go to the news pages right now and discover that Person X has been identified as the leak and that the APT activity was a genuine red herring then I am happy to reappraise my position.

Until then, it makes no sense to assume the scenario without evidence is the true one.

In fact you could argue more favourably that the Russian's would not leak the archive documents, because it would be like trying to play poker with your hand face up on the table.

This assumes (get the general trend here?) that we fully understand the Russian motivations. If it was as simple as "we'd rather have our mate the Donald in the seat than that madwoman who bombs babies" then leaking the data makes more sense than trying to threaten Clinton during negotiations. In very practical terms, the data had a genuine lifespan - if Hillary had won the election, the leaked data would have been pretty useless. Its only value was to attempt a disruption on her campaign.

As for Russia spying on US Politicos, yup the US does it to, so do many other nations, that's the Great Game in action.

So if we can agree that nations spy on other nations, why do you find it so hard to believe that the Russians hacked the DNC systems?

The US would certainly do it in a heartbeat if they thought they could influence the Russian government......

This is an argument that neither you nor Obama&Co can win except by trying to "talk fast whilst running with the goal posts" and you are going to get out of breath faster than those who are watching the entettainment for it's comedy value.

This makes no sense to me, sorry.

I am not trying to win an argument that the US holds the moral high ground. I am trying to explain the fallacies in the conspiracy theories which build convoluted scenarios involving multiple threat actors with different agendas when the available evidence indicates something else.

However I am aware I am not going to win that argument either. As I said before there is no amount of evidence which will convince you that the SVR/FSB/GRU have carried out an operation they frequently do in other countries and similar to the ones the US/UK governments do. Its almost as if you have assumed the Russians take the moral high ground....

The apparent argument that it cant have been the Russians because the US doesn't have the moral high ground seems a bit weird to me, so I might have misunderstood the relevance of this. If so, sorry.

Dirk PraetJanuary 13, 2017 6:15 PM

@ GreenSquirrel

There is no real risk. What has Russia suffered as a result of this?

But there is. Russia in the long run cannot afford extended or additional economic sanctions on top of other retaliatory measures Obama announced. It's an empire in decline desperately clinging on to what it has and determined not to have it taken away from them. When Putin decided to interfere in Ukraine and in Syria, it was because he genuinely believed that not doing so would have been even more detrimental to their national interests than any projected reaction by the US and its allies.

It doesn't make sense for a calculated politician like Putin to make a bad situation even worse by getting caught trying to influence US elections in favour of a candidate Russian analysts gave as little chance of winning than the rest of the world did. That's not the sort of risks a man like Putin takes.

The operation wasn't poorly executed.

In my book, any espionage or "intelligence" operation that *any* investigating company points right back at you is an abject failure. They might as well have printed it directly in the Izvestiya under the headline "Look what we found out about Hillary Clinton!". They might even have gotten away with calling it "investigative journalism".

We cant know if it was "marginal" or not

Oh, come on. Even @Skeptical doesn't believe that. If APT28/29 were indeed acting under direct orders of the Kremlin, it stands to reason that someone there must at least have scrutinised the highlights before going public. If that someone would have been me, my answer would have been something along the line of "Are you guys f*cking kidding me? Even Comey has come up with better stuff." Unless all analysts present in the situation room would have agreed that the information found would have made a decisive difference in swinging the election, there is just no way the Kremlin would have given a green light for Guccifer & co. to proceed. If they did anyway, there's a fair chance they're now enjoying some quality time in Siberia or worse.

That said, you do make excellent points and I am really enjoying this exchange of ideas.

Sancho_PJanuary 13, 2017 6:24 PM

@GreenSquirrel

”I think you are focussing on evidence admissible to a court here and like I said, every court has different rules around this.”

No, unfortunately there is no court involved (which should follow civilized rules).
This accusation is going on in the public media.
In public the name of the rule is fairness, the scope is worldwide.
This bar is much higher than it is in court.
It’s a question of ethics.

And I think you fall again for an inconsistent conclusion:

”No one has shown these three statements to be false:
1) An advanced threat group accessed the data which was leaked to Wikileaks.”

To me it seems the sentence tries to combine the advanced threat group with the leaker.
Or did you mean “the same data”?


... So we have to agree to disagree.

Clive RobinsonJanuary 13, 2017 6:31 PM

@ GreenSquirrel,

1) An advanced threat group accessed the data which was leaked to Wikileaks. 2) the advanced threat group has been attributed to the Russian government since at least 2014 and possibly as far back as 1998. 3) There is no evidence of an insider threat actor.

I've already indicated and you have agreed with the fact that 1 above is not provable one way or the other. That is because anyone who had access to the archive could have leaked it to Wikileaks.

There are two ways to test a hypothesis the first and least desirable is to show it's true in a subset of all the possible conditions. The second and much prefered is to show it can not be true in just one condition.

Your argument is you think it's true in one condition. And then go on to assume that nullifies all other posabilities.

The first problem is nobody has shown any evidence at all the Russian's released the documents.

Your argument is like saying,

    the street you walk down is full of litter including sweet wrappers, because you've eaten sweets you must be guilty of littering.

Whilst it might be true it might not, you certainly have not proved it, nor have you shown that others could not have dropped litter.

All you have shown is that Russia might have accessed the archive via two groups that might or might not work for the Kremlin, not other groups in Russia including criminals or other places.

Your whole argument fails, go back and rework it.

rJanuary 13, 2017 6:49 PM

@David (continued),

Actually, thinking about it now and considering Hamilton/Jefferson I don't think the founding fathers were at all prepared for the entrenched bickering that immediately followed the inauguration of this country.

They knew it would force every side to come together if not at least co-operate.

GreenSquirrelJanuary 13, 2017 7:04 PM

@Dirk Praet

But there is. Russia in the long run cannot afford extended or additional economic sanctions on top of other retaliatory measures Obama announced. It's an empire in decline desperately clinging on to what it has and determined not to have it taken away from them.

I agree with this but the chances are Trump will lessen the impact of these sanctions and it may simply have been a gamble the Russians were willing to take. The problem here is it is our assessment as to what the cost:benefit is. We can't really know what they assessed the situation at. In very general terms, the Western IC is crap at assessing Russia so there seems no strong case to assume they can assess the west any better.

It may have been as simple as "we have nothing to lose here guys, the sanctions are killing us, lets do it and hope we dont get caught or if we do, we hope our disinformation campaign softens the resultant blow" (which is pretty much what has happened).

In my book, any espionage or "intelligence" operation that *any* investigating company points right back at you is an abject failure.

That is a a fair comment and the reality is we don't know how many (if any) other intelligence operations have gone completely undetected to determine what the success to failure ratio is with this criteria.

In very practical terms though, success and failure aren't always binary and an intelligence operation which achieves its goal (e.g. regime change) but is later detected has still achieved its goal. To be clear, I certainly have no idea what the goal of the Russian intelligence services here so I have no idea if this did achieve its goal.

If APT28/29 were indeed acting under direct orders of the Kremlin, it stands to reason that someone there must at least have scrutinised the highlights before going public.

Again quite valid but presupposes that we know what the objectives were and what the political drivers are. If there is an element of desperation (sanctions are crippling, we must do something) then the gambles are different. If the objective was to simply disrupt and unbalance the government, possibly even leading to a Clinton victory but with weakened support, then the leak still makes sense.

The challenge here is we are standing at the far end of the event trying to work out what the intention was by the impact pattern.

I suspect (and I have no evidence to prove this) that we will learn more over the next four years as US policy evolves, but until then......

That said, you do make excellent points and I am really enjoying this exchange of ideas.

Thanks - so do you and I agree, the exchange of ideas is great.

GreenSquirrelJanuary 13, 2017 7:10 PM

@Sancho_P

No, unfortunately there is no court involved (which should follow civilized rules).

There is no commonly agreed set of rules. Public opinion cant ever agree on the standard of evidence and a large swath of the public has demonstrated a lack of regard for any evidence anyway.

This isn't being tried in public, people are debating (fundamentally) whether or not they believe the reports produced by global security companies. Some do, some don't. No one has any evidence to counter the claims made by the US government they just have supposition and a claim that the US doesn't have enough evidence. It feels like an ironic stance to take to me.

To me it seems the sentence tries to combine the advanced threat group with the leaker. Or did you mean “the same data”?

I meant the advanced threat group had access to the same data which ended up in Wikileaks. If the group were the leaker, then it reduces the complexity in the situation and removes the need for the invisible hand of an extra actor.

However, that hasn't been confirmed by non US IC sources.

GreenSquirrelJanuary 13, 2017 7:20 PM

@Clive

I've already indicated and you have agreed with the fact that 1 above is not provable one way or the other. That is because anyone who had access to the archive could have leaked it to Wikileaks.

The instance you are replying to is a terminology issue. The statement didn't mean to say it was proven that the group leaked the data, it is that the data leaked to Wikileaks was collected by the group.

You've built a counter argument on the idea that my claim said the group leaked the data to Wikileaks - which I really didn't and on multiple occasions above have clarified.

Your argument is you think it's true in one condition. And then go on to assume that nullifies all other posabilities.

No. I dont.

The first problem is nobody has shown any evidence at all the Russian's released the documents.

I agree but no one has shown any evidence that an insider even took to documents, let alone released them and you think this is a stronger argument. It is almost as if the absence of evidence is strong evidence for you.

All you have shown is that Russia might have accessed the archive via two groups that might or might not work for the Kremlin, not other groups in Russia including criminals or other places.

Not quite.

To reiterate and hopefully use language which is clearer:

1) An advanced threat group accessed a set of data which included all the data publicly released by Wikileaks.
2) The advanced threat group has been associated with Russian Intelligence Services since at least 2014 and possibly as far back as 1998.
3) There is no evidence of an insider threat actor.

Which of these statements has been falsified?

Bob TuvesonJanuary 13, 2017 8:36 PM

Any government in power is going to get blowback from all the lies that have been told to the public in the past -- and the bigger the stakes the greater the lies that have been told. Regaining trust is going to be difficult if not impossible.

RatioJanuary 13, 2017 11:00 PM

@Dirk Praet,

It's well known that the Crusades had nothing to do with religion either.

Your point being ?

Sorry, multitasking fail. What that should have said is that that would have been a fitting response as it's well known that the Crusades had nothing to do with religion either. Also, there probably should have been a </sarcasm> at the end there. It was a comment on (in alphabetical order) PC mantras, religions, and violence, especially in combination.

What exactly are you asserting?

Daesh (ISIS) has a mother and a father: Saudi Wahabism and the (illegal) Iraq war.

That's a even more general assertion, no? I wanted to go the other way. ;)

You said: And if the war criminals Bush and Blair hadn't seen fit to invade Iraq and make a total mess of it, that neanderthal death cult would probably not even have existed in the first place. My question basically was what exactly you're asserting the 2003 invasion of Iraq caused and how you think it did that. (I'm not talking about the legality, morality, wisdom, politics, etc of the invasion.)

(I'll skip your aside on Tillerson, Putin, Bush, and the Chilcot report. Let me know if you would like me to comment on any of that.)

RatioJanuary 14, 2017 1:14 AM

@Dirk Praet,

We can deal with the off-topic stuff some other time.

Kudos both to you and @GreenSquirrel for an enjoyable discussion.

Dirk PraetJanuary 14, 2017 9:55 AM

@ GreenSquirrel, @ Sancho_P, @ Clive, @ Ratio, @ Skeptical

I meant the advanced threat group had access to the same data which ended up in Wikileaks. If the group were the leaker, then it reduces the complexity in the situation and removes the need for the invisible hand of an extra actor.

It certainly does, but there is no shred of proof for that and thus with what we currently know is every bit as much conjecture as the insider theory. While there obviously is a huge elephant in the room (or Russian bear, if you like), there's no denying that there's actually an entire zoo of other animals present too, all of which had means, motive and opportunity to damage Shillary/Trump and villify Putin.

It all boils down to what amount of evidence one is willing to accept, burden of proof and surrounding protocols we previously kinda agreed upon should optimally be set forth in some sort of international treaty or covenant. All of us here know that attribution in cyberspace is very hard, acceptable levels of proof for which therefor will be different from what is required in a traditional court of law. However much I (reluctantly) agree to that idea, it will still have to be better than sworn statements of known liars or going with one possible explanation by lack of evidence for others.

GreenSquirrelJanuary 14, 2017 2:09 PM

@Dirk Praet

It certainly does, but there is no shred of proof for that and thus with what we currently know is every bit as much conjecture as the insider theory.

Not quite.

The insider needs one extra layer of conjecture over what information is available - there is currently no evidence that an insider took the data.

Its a bit like saying an previously undetected alien species is just as likely to have wanted to influence the election - we have no evidence to disprove it and no evidence to support it but I don't think anyone would say it was in the same ball park conjecture wise as the more rational alternatives.

However much I (reluctantly) agree to that idea, it will still have to be better than sworn statements of known liars or going with one possible explanation by lack of evidence for others.

I agree in principle with this. In the event that this were a criminal trial then yes, the burden of proof needs to meet the requirements of the court in which it is tried. If this were a civil case, then the burden of proof is often different and in most courts it changes from "beyond reasonable doubt" to "on balance of probabilities."

For me, the situation with the DNC hack isn't in a criminal court. At best I'd concede it should be treated like a civil case but the reality is there is no court, no jury, no judge.

This is a government making some information public and taking a decision on how to respond. I don't think they are ever going to care enough to burn some sensitive human sources so that they can make their evidence court-room worthy just to attract public support from people who will still likely call it in to question.

Human intelligence sources are, generally, very poor witnesses in a court room which is why most of the time a court will trust their handlers report on what they have said and how trustworthy they are.

If the US government came out and said "we confirmed this from a well placed, trusted source in the Russian government who had sight of the instruction to hack the DNC and leak it to WIkileaks" - would you be happy to accept that a suitable evidence?

Dirk PraetJanuary 14, 2017 3:36 PM

@ GreenSquirrel

If the US government came out and said "we confirmed this from a well placed, trusted source in the Russian government who had sight of the instruction to hack the DNC and leak it to WIkileaks" - would you be happy to accept that a suitable evidence?

Only if that claim would be supported by an independent international body that has signed off on verifiable and in chambers presented evidence that meets the burden of proof standard set forth in the protocols governing said body.

GreenSquirrelJanuary 14, 2017 4:30 PM

@Dirk Praet

Then you are asking more than the current requirement for most western courts regarding human intelligence sources in a criminal case. It is also more than the legal requirement for lots of technically collected evidence.

In the US, witness protection is a favoured avenue but even then it isn't a cast iron requirement as human intelligence can be presented by the handler.

In the UK is it routine for a source handler to be the one providing the evidence with a description of the source, their access and their trustworthiness. This is then assessed by the judge who may, on occasion, demand to know the identity of the source but this isn't normally disclosed to the Jury and never to the public.

Additionally, Police forces in most nations effectively take executive action on covert human intelligence often without a requirement to go to the courts if the need is to disrupt and prevent criminal activity or gather further evidence of criminal behaviour.

So, a police force which gets a "tip" that a gang have committed a crime or are planning to do, has some latitude around disrupting this based on the report as it provides a greater benefit for society. There may well be extensive arguments around how just this is, but it happens across the world.

For completeness, however, what international body would you feel was independent in this situation?

Sancho_PJanuary 14, 2017 5:36 PM

@GreenSquirrel

So how did you then mean this statement (@Clive Robinson):
”I agree but no one has shown any evidence that an insider even took to documents, let alone released them and you think this is a stronger argument.” (my emph)

I’ll forget the “evidence”, but why do you ignore:
https://www.theguardian.com/us-news/2016/dec/10/cia-concludes-russia-interfered-to-help-trump-win-election-report?CMP=share_btn_tw
and
"Do Julian Assange and I have a reputation for truthfulness?" (Craig Murray)?


Oh boy, it’s getting difficult now:

”To reiterate and hopefully use language which is clearer:
1) An advanced threat group accessed a set of data which included all the data publicly released by Wikileaks.”

Did you mean

1) An advanced threat group accessed a set of data “.”
1a) Wikileaks publicly released a set of data which might be identical with 1).

or did I get that wrong, too?
The problem is when a doubtful statement is repeated in a chain of commands the message might change to the opposite.

Re 3): There is no _evidence_ but a public claim to have met the insider,
so your statement is doubtful, to say the least, but it smells like deception if you repeat doubtful statements.

The term “evidence” is wrong anyway.

- The absence of knowledge is not proof of absence. -

Sancho_PJanuary 14, 2017 5:39 PM

@Dirk Praet,

Re the ”… well placed, trusted source in the Russian government…”
Um.
I’ve been working in the East. They were masters in “information channel testing”.
There was no day without honeypot.
No one can surpass their level of distrust, it’s in their blood. It won’t stop.
The guy who leaked back a doped info might already be in deep trouble (-45°C),
because the proof was given indirectly so far.

Sancho_PJanuary 14, 2017 5:41 PM

@GreenSquirrel

(Police) To take executive action on covert human intelligence is not the same as
blaming a whole nation for criminal activity in public w/o presenting a proof.

I’m off here now.

GreenSquirrelJanuary 14, 2017 6:23 PM

@Sancho_P

I’ll forget the “evidence”, but why do you ignore:

I assume you mean this bit “I know who leaked them,” Murray said. “I’ve met the person who leaked them, and they are certainly not Russian and it’s an insider. It’s a leak, not a hack; the two are different things.

If so, yes, this is someone making a claim that they have met the insider. Is this evidence? Is it stronger evidence than the dozens of private sector technical people who have looked at the systems and say it wasn't?

Your call.

I will give you that we now have one item of evidence that an insider leaked the data. Do you agree?

or did I get that wrong, too?

I will try again.

The data wikileaks have released so far doesn't contain anything which wasn't in the set of data believed to be exfiltrated by the advanced threat group.

Does that help?

There is no _evidence_ but a public claim to have met the insider, so your statement is doubtful, to say the least, but it smells like deception if you repeat doubtful statements.

I can show you public claims of people who have met aliens. Does that make them real?

What we have here is a claim by one person to have met the insider and "received a package" from them in September 2016 while in the US. If we accept this as evidence that the insider was active, then how do we dismiss the evidence from the CIA that a well placed source has indicated it was a Russian directed operation?

Do we say "Oh its the CIA they must be liars but this British ex-Ambassador must be telling the truth"? Do we say the multiple people within the US IC mean they are all liars but this one person is true?

I had largely steered away from any of the hearsay evidence around human sources because you objected to it as unreliable - and I was focused on what the technical people (independent of any particular government and from multiple nationalities) reported.

- The absence of knowledge is not proof of absence. -

I agree. I agree that the lack of any technical evidence (to be pedantic) of an insider isn't proof there wasn't one but it also isn't proof there was one.

I will publicly say that Aliens from Rigel 5 visited Earth and decided to play games with the US elections and I met with them when they told me. Using your criteria this now carries the same weight as the insider threat angle and the lack of proof that I am telling the truth can't cause people to doubt me.

GreenSquirrelJanuary 14, 2017 6:29 PM

@Sancho_P

To take executive action on covert human intelligence is not the same as blaming a whole nation for criminal activity in public w/o presenting a proof.

I agree, it is probably worse.

First off, saying that the hack was directed by the Russian government isn't really the same as blaming the whole nation. I can't imagine a large percentage of the population were asked their opinion or asked to approve the operation. Its a bit like blaming a Welsh sheep farmer for the UK invasion of Iraq.

Secondly, the reality it is a diplomatic position. This sort of event happens quite frequently and Russian diplomats should be used to getting expelled from the US when an SVR/FSB/GRU operation gets busted and amazingly no one goes round blaming every Russian.

Intelligence feeds into political decisions 24 hours a day without ever being presented to the public as "proof" for why something was done in a certain way. You've just taken an issue with this one because it has triggered something you think is important.

I’m off here now.

Cool - thanks for the discussion. Bye.

SkepticalJanuary 14, 2017 6:51 PM


@Dirk: It doesn't make sense for a calculated politician like Putin to make a bad situation even worse by getting caught trying to influence US elections in favour of a candidate Russian analysts gave as little chance of winning than the rest of the world did. That's not the sort of risks a man like Putin takes.

I think you're "mirroring" a bit here in assessing Putin's views of the risks.

Let's assume for the sake of argument that Putin genuinely believes:

(1) The US actively attempts to influence politics and elections in Russia;
(2) The US did actively attempt to influence the most recent Presidential election in Russia;
(3) The "color revolutions" and the work of various NGOs devoted to human rights and democratization are in fact thin veils for an ideological and information offensive by the United States and its allies.

For those holding such views, what was done here may not have seemed that outside existing norms. And so they would have been surprised by the reaction.

In addition, over-confidence on the part of Russia's cyber-actors (for lack of better term) may have resulted in an under-estimate of the risk of detection and attribution.

Let's say Putin, and those who advised him, also genuinely believe:
(4) Power in the US is really controlled by the elites, who choose themselves who governs and what government does; elections are a mere fig leaf, courts a transparent screen, and ideology a cloak for what really happens in the US.

Those are 4 beliefs, and one attribute of overconfidence, that are quite plausibly held by Putin and others in Russia.

If you view things from such a perspective, the influence operation was low-risk, and merely part of a swarm of influence operations intended to deprive Western democracies of moral force and soft power.

Personally, I believe that to be the case - but in any case, you can see how this influence operation appears much more rational from the Russian side once you take such views into account.

Look, Dirk, it would be a truly remarkable conspiracy for the entire US Intelligence Community to issue the statements it has without very strong evidence. The probability of the existence of such a conspiracy, playing out as Trump is coming into power, without leaks, is extraordinarily small.

We can kick around the "what-if" ball all day long, and note that the US IC has released very little of its evidence, but in the final analysis, one must simply be aware of how deeply improbable such a conspiracy would be.

And if one admits such a conspiracy improbable, then one is left with the hypothesis that the US IC is mistaken about evidence it believes to be strong. Yet most - including Snowden - seem to believe that the US IC would in fact have the resources to make an attribution.

So the only reasonable conclusion one can draw is this: the US IC are probably correct in their attribution.

As to whether the US holds the moral high ground - this is an entirely separate matter, and not really relevant in certain respects - but with respect to Russia on the issue of democracy, you can bet your life it does. The US has been neither perfect nor consistent, but it has been far better than Russia in supporting and defending democracies.

Clive RobinsonJanuary 15, 2017 3:12 AM

!! Long post warning!!

!! Disclaimer I am compleatly disinterested in the party politics!!

@ Skeptical,

... it would be a truly remarkable conspiracy for the entire US Intelligence Community to issue the statements it has without very strong evidence.

A conspiracy is not required, only confirmation bias, to start it off.

As to your assumption of "very strong evidence", even you should know that's not the way the IC works for briefings, we've just had that demonstrated yet again on the "Trump Report". Further there is no indication Obama asked for or obtained the required level of confidence prior to making his public accusations (which is a point I've made several times about "extrodinary claims...").

To get back to basics, to claim publicaly as Obama did that Putin/Russia "hacked the election", with in part the DNC email archive you have to show a number of things are ALL true, with real proof, not a chain of assumptions. Further you also have to show that it could not have been done by anybody else as part of that proof, otherwise you end up looking like a real idiot. Something Obama appears not to care about, in fact the opposite, he appears totaly intent on "queering the pitch" for his successors, not just Donald Trump. Which is unfortunate for US citizens in the level of potential harm (especialy having also just given near total access to the IC Intel to nearly "all comers").

So to start with a basic list you would need proof that,

1, The Wikileak published documents are in the DNC archive and are not forged etc.

2, One or more persons had access to the DNC archive and made a copy.

3, Atleast one of the somebodies that had that DNC archive copy also had contact with Putin/Russia.

4, That the somebodies were acting on direct orders from Putin/Russia.

5, That Putin/Russia gave that DNC archive copy to an intermediary or directly to Wikileaks.

6, That others who had access to the DNC archive did not give a "different copy" to an intermediary or directly to Wikeleaks.

But there are other considerations that arise as you flesh the points out.

So step 1 are the documents actually genuine... Well we don't actually know, publicaly. There have been denials, which as the documents show what some consider a "crime" --misappropriation of resources by Clinton group from Sanders group etc-- is not suprising. So we are unlikely to find out for certain currently, but there is another issue that arises,

7, Do we know if Wikileaks has the entire archive copy in question, just parts of it or a different archive copy.

The answer to that is most probably not, Wikileaks MO is not to publish entire troves of documents. Due to the nature of archives this is an important issue, people need to be noting.

Step 2 is the question of "one or more persons" having access to the archive and further did they copy it in part or whole. It's fairly easy to demonstrate that DNC insiders had not just access but could make a copy. As has been argued above it would be very hard if not impossible to demonstrate that they did not make a copy in part or whole, because few if anybody (including the NSA prior to Snowden) have the level of physical and technical security or auditing in place to do this. This means that multiple copies can not be ruled out, thus you now have multiple chains to investigate thoroughly, and it's apparently not been done from what is known publicly...

Likewise for outsiders, those who have had some involvment in the investigation indicate that there were two seperate APT groups or two different MOs involved. But nobody has commented on if there were others or more importantly "No others" involved. This comes into the relm of the investigators abilities and proving a negative, as well as the great game of espionage. Investigators can only investigate anomalies that they find, and this depends on their knowledge level and what's available.

It's been shown on a number of occasions that state level and above attackers have tools and methods that investigators do not have. They also have methods that fall outside investigators scope such as zero days on routers one or more hops upstream, and this is a point of contention that is bubbling along in the back ground (Why did the NSA either not see or act, what is the GCHQ involvment). Thus it's actually quite uncertain who investigated what, where, when and to what limits, as it's not being said.

Likewise if more than two attackers got into the DNC systems. What we do know is that both the Democrate and Republican campaign systems would have been an attractive target for espionage by any number of nations IC including those of the US and it's allies, as has been indicated by the Ed Snowden and other sources of information. Further this is the first major US election after those releases, which means some may have ceased what prior restraint the previously had. So it's shall we say quite suprising that no others have been mentioned, which comes back to anomalies and investigator abilities.

Step 3, is the question of if one or more entities that had DNC archive copies also had contact with Putin/Russia.

From the technical side it's been said that atleast one copy went via one of the two groups who's MOs are similar to those alleged to have acted for Rusian interests in the past. The first problem with this is "How many people know the MOs?", in serious police investigations details of the suspects MO are held back to spot copycats or false claims. For obvious reasons that is not the case for this investigation and the two groups identified so copycat activities can not be ruled out. Secondly we don't know if those with DNC archive copies are actually working for any or many interests in Russia.

It's actually very unlikely that Putin was aware of the alledged attackers. It's just not the way things are done with "methods and sources". This is not just to prevent harmfull leaks, and give deniability but also as position enhancing assets in a patronage based power structure seen in both China and Russia, "freelance risk taking" can have an enormous pay off. The fact that two different MOs were seen tends to show that this is likely the case. It's been claimed that various Russian Government organisations use criminal organisations and pay them with protection from sanction. Which makes it likely that someone in the Russian government but not Putin had contact with the groups. But it does not show the groups passed the copy "up the chain" on the "bird in the hand principle" which is prevelent in patronage structures.


Step 4, is the very hard task of demonstrating that the attacking groups were acting on direct orders from Putin or from within Russia at all.

Freelance / arms length / deniable entities especialy criminal ones tend to have more than one customer for their services (we have actually just seen this demonstrated with the "Trump Report" a UK entity got funding from apparently both US major political parties).

Technical methods are not realy suitable for this at all, because they don't make the cross over into determining what is the human intent of those involved.

With such a loose freelance patronage structure you need very solid multiple "sources" not just methods to have even a small confidence in attribution. There is no public evidence that there is any let alone sufficient sources available to the DNC hack investigators to get even close to attribution to Putin giving any let alone direct orders for the hack and archive copying. Infact it's more likely to be "business as usual" in the great game of espionage. Like investigative journalists you hover up everything you can on the "just in case" principle.


Step 5, is the very important question of if Putin or other Russia interests/entities gave that archive copy to an intermediary or directly to Wikileaks.

This is even more difficult to do than the previous step. Currently there is absolutly no evidence or even indication that there is such evidence in existance. So it's entirely based on an individuals opinion either way based on their cognative bias / unsupportable beliefs.

It's at this point we have to prove all other possibilities false to make this potentialy provable. As that is in effect impossible, the only way to prove it would be by a direct admission by Putin or other Russian entities, and I don't know about you, but I can not see that happening any time soon. I can't even see them issuing a formal denial, as that would in some peoples mind be an admission.

Step 6, however could show that Putin or other Russian interests / entities did not release their alleged copy of the DNC archive, and that infact others gave a different archive copy to an intermediary or directly to Wikeleaks.

All that is required to bring the the unsubstantiated allegation that Putin / Rusian interests / entities did give wikileaks their alledged copy is for wikileaks to publish a single document that is not in the alleged copy.

However to do that two things have to be true. The first is we fully know the contents of the alleged Putin/Russian copy of the archive. The second is that Wikileaks has such a document that can and will be publicly authenticated as such.

Wikileaks and a previous ambassador for the UK have said that the copy of the DNC archive they have came from a source within the DNC. This may or may not be true, but both parties have a reputation to protect, thus it is a credible argument, which they might be able to prove if the copy they have was made later than the alledged Putin/Russian copy, or had more verifiable documents than the alledged copy.

Which based on the nature of the documents and current accusations and policy of Obama and the US Government, is unlikely to happen in our life time.

However it brings up the GCHQ question, it's been hinted at that GCHQ saw and stored away copies of the network activities of the two alleged Russian groups. It maybe that other Signals Intelligence Agencies have seen and saved copies of the network activities in transit, and it maybe in their interests to release it publicaly.

Which brings us to step 7, which is what does Wikileaks actually have.

We don't know if Wikileaks has the entire archive copy, just parts of it, a different archive copy or just parts of a different copy.

What we do know is that Wikileaks tries to do the equivalent of "responsible journalism", that is they limit what they publish by certain criteria. So again we may never know for sure what they were given.

That's covered the major points as briefly as I can which just leaves the conclusion.

The current US President was given a briefing at some point about the appearence of confidential DNC documents that had appeared in public. We do not know what was in those briefings, nor are we likely to now or in a reasonable time frame. The current US President made publically an extrodinary claim against Russia, for which there is not extrodinary evidence publicaly available to back it up. This will have caused significant problems for his successors not just the current US President Elect. Worse these problems will alnost certainly cause harm to the interests of US citizens.

Thus it can be seen as at best a grave error of judgment by the current US President.

Dirk PraetJanuary 15, 2017 6:56 AM

@ GreenSquirrel

For completeness, however, what international body would you feel was independent in this situation?

I don't think there currently is one either qualified or authorised for such a job. International conflicts between civilised nations should be solved or at least mediated by international bodies governed by mutually agreed upon rules. Not by throwing around accusations no one can verify and based on findings by spy agencies that inspire less confidence than a scorpion asking for a ride.

@ Skeptical

Look, Dirk, it would be a truly remarkable conspiracy for the entire US Intelligence Community to issue the statements it has without very strong evidence.

It is an established fact that certain parts of the US IC, or at least their leadership, not only are known for regular lying and withholding of critical information on behalf of their paymasters, but just as much for having agendas of their own that are not necessarily aligned with that of the administration. It's not different in any other country. I am very sorry, but after decades of squandering my trust, I have exactly no reason to believe anything they're telling and I can't for the life of me understand an intelligent person like you does.

If my deep mistrust of the IC's competence, truthfulness and even good intentions makes me a conspiracy theorist, then so be it. But I'd rather be called a tinfoil hat than a gullible fool.

GreenSquirrelJanuary 15, 2017 12:04 PM

@Dirk Praet

I don't think there currently is one either qualified or authorised for such a job.

I agree, and while I largely agree with every single thing you say about how international conflicts should be resolved, the reality is no nation would agree to this. Every country will (and does) respond to the information its intelligence agencies provide to its government, no matter what the general public think.

However the interesting thing here is that you have set a standard of "proof" for the US to respond to what they believe is an attempt by the Russians to influence its election cycle which you've just admitted is impossible to ever achieve. In practical terms there is nothing you would allow to convince you the Russians hacked the DNC and tried to influence the US elections.

Gerard van VoorenJanuary 15, 2017 12:18 PM

@ GreenSquirrel,

In practical terms there is nothing you would allow to convince you the Russians hacked the DNC and tried to influence the US elections.

Let me answer you that. In The Netherlands the far right party PVV is being financed with US money. That also counts for the right party VVD. I don't know how much more a small foreign group can influence our politics. YET ... it's still happening. The Russians are probably influencing it as well, not openly with suitcases full of cash but they try a different approach. So if you are talking about foreign influence and are furious or whatever that the Russians are doing it, try living in The Netherlands. Then you are being influenced by US money.

Dirk PraetJanuary 15, 2017 1:52 PM

@ GreenSquirrel

In practical terms there is nothing you would allow to convince you the Russians hacked the DNC and tried to influence the US elections.

With what's currently on the table, no. All I have seen so far are allegations, assumptions and working theories that the Kremlin was behind it. Not damning evidence. And my standard of proof is the same for the US as it would be for other countries.

Which ultimately leads us back to a discussion I had with @Skeptical a long time ago in a thread far, far away. As long as nations in the great game of spying refuse to be bound by international rules of engagement and arbitration and at best see those as guidelines mostly applicable to everyone but themselves, nobody in the end has a foot to stand on. In the wake of Snowden's revelations of planet-wide mass surveillance and intrusions, neither Russia or China started screaming bloody murder all over the place but instead quietly worked on improving their defenses.

I recommend the US do the same and stop acting like a cry-baby everyone knows does the same thing to other countries, and irrespective of whether it was indeed the Russians or somebody else who was behind the DNC hack. It will earn you way more respect and credibility than the ongoing display of sheer hysteria.

SkepticalJanuary 15, 2017 2:26 PM

@Dirk: It is an established fact that certain parts of the US IC, or at least their leadership, not only are known for regular lying and withholding of critical information on behalf of their paymasters, but just as much for having agendas of their own that are not necessarily aligned with that of the administration. It's not different in any other country. I am very sorry, but after decades of squandering my trust, I have exactly no reason to believe anything they're telling and I can't for the life of me understand an intelligent person like you does.

Let's assume your view of the US IC is true - that they regularly lie and withhold critical information for the sake of their own agendas.

Presumably such a view would require regular leaks of such lying and withholding - for how else would we know - and yet there are no such leaks here.

The attribution and assessment delivered by the US IC goes well beyond a few select compartments in the US IC. Instead you've had the intelligence oversight committees of both House and Senate briefed, the President-Elect (whose view of the IC, as expressed in his tweets, does sometimes seem to rise to the level of conspiracy-theorist) and certain members of his staff, the President, and a large number of others. You have continuing investigations by multiple Congressional committees, which, difficult as it may be for many less familiar with the US system to believe, actually do uncover facts even when executive agencies would prefer they remain deeply hidden.

So the what are the odds that a conspiracy of lies on such a subject would NOT leak to the press?

Nearly nil.

Let's add to that another fact: the President-Elect was persuaded by the US IC, as was his chief of staff and former chairman of the Republican Party, both of whom have every reason not to be persuaded and to question every assertion.

Let's add the conclusions of multiple private entities that are entirely consistent with those of the US IC.

Finally, let's add a final, crucial fact: the President-Elect is about to take the reins of power. The conclusions of Russian interference are not in his self-interest at all, and he has been rabidly adversarial to such conclusions until recently. Anyone in the IC would know that once Trump, Flynn, and others, are in place, any such lies and withholding will be uncovered, and those who perpetrated them would be pulverized.

So, again, even taking your view of the US IC as true, it's highly unlikely that this is a case based on lies, whether by commission or omission. And I'm basing that analysis based purely on the self-interests of those who would be involved in putting together such an assessment - not their integrity, not their patriotism, not their honor.

You said that you'd rather be thought a tin-foil hatted conspiracist than a gullible fool. But in fact both are equally bad, and both are equally devoid of wisdom.

A balanced approach would take into account both that there are of course bureaucratic politics and agendas and that there may be some who desire to pursue a policy, their minds already decided, who can and will push for analysis that supports their existing views. John Bolton - and I do not know the truth of this assertion - was alleged to have been one of the worst offenders in this respect. Rumsfeld's approach to the Iraq War and occupation was disastrously immune to analysis and advice that conflicted with his preferences, to give another example.

And once a policy becomes decided, a preference by the powerful becomes well-known, analysts will feel discouraged from offering reports or assessments that are inconvenient. This is simply a consequence of the limits of our cognitive capacities. Policy-makers have limited time and energy; asking one to rethink his assumptions for a policy he has signed on to, and is struggling with the complexities of implementing, is asking a lot (but a lot should be asked). They'll be tired, overworked, unable to step back, and will not appreciate the finer points of an analysis that unwinds beliefs to which they committed. And so any analyst, any manager, must know that his or her product will not be well-received, and that there may be a negative effect on their standing, reputation, and prospects for advancement.

My understanding is that measures are taken to shield the intelligence side of the house from such pressures - even in the context of a "fusion" approach to operations and analysis - but human beings are imperfect and politics inescapable in full (though they can be mitigated).

But this isn't a case of an assessment being delivered or shaped by groups who believe they already knew the truth and the right policy. Instead it's a rare public attribution, certain to deeply scrutinized, made by an IC whose current leadership is leaving, under the auspices of a President well-known for being both very deliberative and who is leaving himself as well. There is no group ensconced in a position of power, with a favored policy firmly in mind, who have every incentive to seek a conclusion to enable that policy.

The policy consequences of the attribution are uncertain. Those who have been persuaded have every interest in the attribution being false. And those who have made the assessment have every interest in checking every box and not sticking their necks out.

This isn't a case of intelligence driven by policy preferences, or self-interest, in disregard of actual facts and responsible, conscientious analysis.

A balanced approach to assessing the situation does not lead to any other conclusion.

And the gullible fool and the conspiracy theorist? Both are locked in the same prisons of a faith immune to facts; both are poorly adjusted to a world of varying degrees of uncertainty; both mistake their faith for special insights.

The courageous embrace the uncertainty of the world, the mixed nature of human beings and human institutions, and yet do not fall into the malaise of nihilism or an empty cynicism - they make the best call on the basis of available facts and background knowledge, knowing well that while mistakes are always possible, they are not always equally probable.

GreenSquirrelJanuary 15, 2017 2:53 PM

@Dirk Praet,

With what's currently on the table, no. All I have seen so far are allegations, assumptions and working theories that the Kremlin was behind it. Not damning evidence. And my standard of proof is the same for the US as it would be for other countries.

What I mean is there is no way the US government could convince you to change your mind on this. It will always just be allegations, assumptions and working theories for you. Even if they outed their HUMINT source I suspect you would still doubt it on the grounds the source may have made it up.

There isn't anything fundamentally wrong with taking this standard of proof, but the practicality of life is that I don't know of any other nation which agrees with you.

In the wake of Snowden's revelations of planet-wide mass surveillance and intrusions, neither Russia or China started screaming bloody murder all over the place but instead quietly worked on improving their defenses.

I don't think this is the same. This is not "Russia spied on our comms" or even "Russia hacked us." From the point of view of the US Government, this is "Russia attacked our election with an intent to influence the outcome."

There is zero chance either Russia or China would sit quietly if they felt they could evidence the US doing the same in return. Look at the public outrage when the CIA influence elections in other countries and they are often the weaker ones who can't actually retaliate in any way.

And there were political repercussions from Snowden's leaks - the UN adopted Resolution 68/167 as a result, the German Government had multiple outrages against the US Government (and also suggested Snowden was a Russian spy which I find unlikely).

For better or worse, the US is a country full of people who have a fairly childlike (at least to European eyes) response to things. There is nearly always a catastrophic over-reaction and little hesitance to hold double standards. We shouldn't be surprised at what they have done here. Now they have a president who wets his knickers on twitter if anyone says anything mean about him, I can't imagine things will improve.

rJanuary 15, 2017 2:56 PM

@Dirk Praet,

Espionage, in it's modern form - is nothing more than a Mexican Standoff.

Until we all off of the escalators they will remain in full working order, it's unfortunate - but your intelligence has to come from somewhere.

rJanuary 15, 2017 3:08 PM

One can be a part of THAT conversation, or one can abstain. It's a choice, but closing your eyes doesn't make it go away when your neighbor buys a howitzer and starts pointing a laser at civilian planes to take measurements.

Just hope he doesn't frame you up for a black bag job with that laser pointer.

rJanuary 15, 2017 3:37 PM

Trump's right, we should stand down from NATO and middle eastern interdictions - we've got enough on our plate here at home and south of the border.

When and if you need some help with ISIS or a couple Siberian polar bears come wandering into your camp (because a large % of Europe is a camp after all, you were once under Soviet jurisdiction you (like Ukraine) can be so again) you can write down the time date place and event for us on some sort of paper and reach us via the USPS @ 1 White House Lawn.

Until then, I advise you purchase a couple large caliber rifles and learn to use them yourselves.

rJanuary 15, 2017 3:41 PM

Maybe you guys will publish some fake news about tanks rolling through Paris or Berlin and we'll buy it, maybe we wont. Maybe you'll have us all convinced next time it happens that it's nothing more than fake news and that we should mind our own business practices first.

Dirk PraetJanuary 15, 2017 5:09 PM

@ GreenSquirrel

Even if they outed their HUMINT source I suspect you would still doubt it on the grounds the source may have made it up.

I do not pretend to be qualified to judge the veracity of any source even when it is presented in front of me. I will however try to rely on common sense and the judgement of an impartial party I trust is qualified to do so. I already told you I at least partially accept the findings of the forensics organisations that found traces suggesting involvement of APT28/29, and who were previously linked to Russia. The USG and IC however are not parties I bestow any trust upon.

this is "Russia attacked our election with an intent to influence the outcome."

In the bigger picture, it is all part of the same game.

the UN adopted Resolution 68/167 as a result, the German Government had multiple outrages against the US Government

Well, kinda everyone except @Rolf Weber found the evidence reasonably overwhelming. Still I don't recall mummy Merkel getting all hysterical in public over it. Worst case scenario was that she rang POTUS and asked him Trump-style WTF was going on.

There is nearly always a catastrophic over-reaction and little hesitance to hold double standards.

Sad but true. When such things happen in private relations, you often notice that 3rd parties not familiar with the details generally tend to side with the party that stays cool about the thing, not with the one getting all bonkers over it.

@ Skeptical, @ Wael

The courageous embrace the uncertainty of the world ... they make the best call on the basis of available facts and background knowledge

True, but the wise only have their fugu from a licensed chef, not from a cook known to have previously poisoned customers.

So the what are the odds that a conspiracy of lies on such a subject would NOT leak to the press?

On par with the total secrecy surrounding the massive surveillance dragnet Snowden revealed? That kinda took some time to come to the surface too, and if we may believe its defenders, every party you just named was aware of except the general public. And before it did, everyone even hinting at it was called a conspiracy theorist too.

And I'm basing that analysis based purely on the self-interests of those who would be involved in putting together such an assessment

You can easily make an opposing case in which the damaging of Trump and the vilification of Putin totally benefits those involved.

WaelJanuary 15, 2017 5:37 PM

@Dirk Praet,

True, but the wise only have their fugu from a licensed chef, not from a cook known to have previously poisoned customers.

Fugu on a security forum! Amazing …
You are well informed, my friend. Almost 08BF 2360 hex seconds to the date[1]

I had fugu, the cooked variety, mind you! What makes the chefs "good" is the fact they leave enough of the poison to give the customers a buzz and numb their lips without killing them. It's not about removing all the poison! That would be an easy task.

@Ratio will go to town with this, if he can decipher the message :)

[1] Duration between dates followed by a converter

Clive RobinsonJanuary 15, 2017 11:17 PM

@ Wael, Dirk Praet,

What makes the chefs "good" is the fact they leave enough of the poison to give the customers a buzz and numb their lips without killing them.

Did you know the fugu puffer fish poison found in it's skin and viscera and eggs is also known in popular culture as the "Haiti Zombie drug" poison?

I might have mentioned it here in the past, because the active component of interest in the poison is tetrodotoxin (TTX) which is a very potent neurotoxin and according to some sorces about a thousand times more leathal than cyanide, not as bad as bo-tox but certainly getting there.

However a couple of popular culcutre ideas are incorrect. Firstly it's actually not produced by the fish but a bacteria it ingests from one of the Vibrio family. Which is why captive fugu lose their toxcicity fairly quickly when not fed a diet with the bacteria. Secondly although the symptoms are remarkably similar the poison has not been found in so called Haitian Zombie potions.

Tetrodotoxin works by acting as a unimolecular blockade to the tetrodotoxin sensitive (TTX-s) fast voltage-gated sodium (Na) channels in the cell membrane, effectively stoping the nerve signal getting into the cell. Apparently tetrodotoxin first makes you numb, then get you high, then suppresses your nervous system functioning into a death like catalepsy and eventually as with all poisons death. With mean leathality (LD50) in mice of 8ug/Kg intravenous and about fourty times that for injestion it is certainly nasty stuff. Perhaps even nastier if you've been poisoned by it, is that the nerves to smooth involuntary muscles are TTX resistant whilst your voluntary muscles are TTX sensitive. Which means your heart keeps going even though your respiratory muscles have ceased to function.

Researchers have had an on/off interest in it since the 1980s for use as a medicine to be used in surgery for both local and general anesthesia, because of it's "prolonged local anesthesia with minimal myotoxicity". Which is what is thought to have given the zombie effect back in the 1980s.

However... it fell out of favour for various reasons, like the serious deficit of having a narrow margin of safety, but like a Haitian zombie it keeps coming back. If you are not squeamish and don't have a fondness for "fancy rats" you can read more about it,

http://anesthesiology.pubs.asahq.org/article.aspx?articleid=1946905

I first came across it when looking into early Japanese warlord culture. Apparently it was known to be used as a way to commit suicide, thus an Emperor had baned the fish being given to soldiers. And like the researchers TTX is something that keeps re-appering as I meander through life.

Oh the human death statistics in Japan is that on average only six of the fourty odd poisonings a year are fatal. By far the majority of these poisonings are in fishermen whilst it's virtualy but not quite unknown in restaurants.

GreenSquirrelJanuary 16, 2017 1:52 AM

@r

Trump's right, we should stand down from NATO and middle eastern interdictions - we've got enough on our plate here at home and south of the border.

For me, this is a good indicator that the Russians would have a valid reason to have influenced the campaign in order that Trump was elected.

GreenSquirrelJanuary 16, 2017 2:02 AM

@Dirk Praet

I will however try to rely on common sense and the judgement of an impartial party I trust is qualified to do so.

The problem is if there are no impartial parties or none you feel are qualified, then we hit quite a significant roadblock.

In the bigger picture, it is all part of the same game.

Fair one - I cant disagree, but when does the game change?

Most military conflicts are carried out with the intent to change the rulership of the enemy nation. If you can achieve that via non-kinetic means is it different?

If the hypothetical scenario of Trump pulling out of Nato and refusing to get involved in Europe leads to Russia invading Poland (for the sake of argument) without any effective opposition, does that mean the election-influence-ops were just part of the same game and no one should really care because nations surveil each other all the time?

Still I don't recall mummy Merkel getting all hysterical in public over it. Worst case scenario was that she rang POTUS and asked him Trump-style WTF was going on.

Again, this was because it was just surveillance with no evidence of active interference ops. I seem to recall lots of public outrage across Europe and there were repercussions (SafeHarbour for example) which parallel the diplomatic expulsions.

All that the US did to Russia was say you are bad people and your diplomats can leave our country. They didn't invade, launch missiles or any other form of offensive action. Trump has repeatedly stated he wants better relations with Russia and will consider lifting the sanctions.

This really feels like a full on win for Russia - a minor slap in the face followed by rewards.

Sad but true. When such things happen in private relations, you often notice that 3rd parties not familiar with the details generally tend to side with the party that stays cool about the thing, not with the one getting all bonkers over it.

I agree.

However, it doesn't mean the one going bonkers is always wrong it just means our cognitive bias pushes us in a certain direction that can be manipulated by a cunning party.

Inflame your opponent, let them over-react and get people to side against them... It kind of feels like we are describing a Russian government information-operation....

rJanuary 16, 2017 4:08 AM

@GreenSquirrel,

The worst thing about it, if this is all true. Then it encourages manipulation going forward.

But what can we do? Just the same thing as before I suppose, protest in the streets under the watchful eye of a potentially corrupt FBI. Yay!

Dirk PraetJanuary 16, 2017 5:17 AM

@ GreenSquirrel

The problem is if there are no impartial parties or none you feel are qualified, then we hit quite a significant roadblock.

Which is exactly why we need more cyber agreements like the one struck between the US and China in September 2015.

However much we acknowledge the legitimate concern of both the US people and its government, the main point @Clive and myself have been making all along is that under a traditional (and even seriously diminished) interpretation of the burden of proof there currently is no (publicly available) evidence for the Kremlin having ordered the DNC hack and the subsequent release of damaging information. Besides having an additional issue with the hysteric reactions and the double standards surrounding the event, we don't take the USG or IC's word for it or go with the "obvious" for absence of tangible evidence for other theories pretty much everyone even refuses to contemplate. If in the eyes of an American patriot that makes us look like clueless idiots or Russian agents, that's a risk I'm willing to take.

The only way forward in this type of conflicts is for governments to sit around the table and negotiate rules of engagement and arbitration. Which not only will require an entirely different disposition and concessions from ALL parties involved, but ultimately is also why we have and pay these folks for in the first place. The alternative being that sooner or later the world gets confronted with a Cuba missiles type of escalation and which exactly no commoner either in the US, Europe, China or Russia will benefit from.

Dirk PraetJanuary 16, 2017 10:02 AM

@ Wael, @ Clive

What makes the chefs "good" is the fact they leave enough of the poison to give the customers a buzz and numb their lips without killing them.

The poor man's version of which would be a kipper laced with novocaine, for added effect accompanied by a covo (codeine-vodka cocktail; accidentally invented by a friend of mine as a biker spoof of the Spanish sparkling wine cava).

SkepticalJanuary 16, 2017 2:45 PM

@Dirk: True, but the wise only have their fugu from a licensed chef, not from a cook known to have previously poisoned customers.

The cooks here are both eating their own cooking and serving it to their harshest critics before an international audience - and not only is no one getting sick, but their harshest critics have pronounced the meal sound.

Now you didn't get a chance to watch the sources of the ingredients be grown or raised, or harvested or slaughtered, or cooked or prepared - but unless you think the cooks suicidal, you can have fairly high confidence that they're not poisoning the food.

If you had to assign a number to the probability that Russia is in fact responsible for hacking the DNC and leaking its files to Wikileaks and other outlets, what would it be?

10%? 20%? 50%? 80%?

Currently all I'm hearing is "less than 100%" which doesn't mean much.

On par with the total secrecy surrounding the massive surveillance dragnet Snowden revealed? That kinda took some time to come to the surface too, and if we may believe its defenders, every party you just named was aware of except the general public. And before it did, everyone even hinting at it was called a conspiracy theorist too.

Content surveillance was leaked to the NY Times 9 years before Snowden's disclosures. The call detail record database program was leaked in 2006 to USA Today. And the practice of certain electronic surveillance ended in 2004 when the leadership of the Department of Justice refused to sign off and threatened to resign if Bush authorized it.

Otherwise you're talking about the courts, Congress, and the President, and others, being briefed accurately by the US IC on programs they approved and not disclosing what they were briefed on.

Here though you're talking about the US IC deceiving the President, the President-Elect, the intelligence oversight committees, and others. There are no reassurances from attorneys, from courts, from oversight committees, from outgoing or incoming Presidents, that anyone involved in such deception is acting legally, or with any institutional approval. And not only aren't those parties to whom you've lied merely staying silent about what you've told them, they're actively pronouncing themselves convinced by you AND launching their own investigations. So not only would such deception be nakedly criminal and in opposition to those in power, but it would be deception that attracts enormous scrutiny from those being lied to - and particularly since the incoming President is extremely hostile to the conclusions you're lying about, you're almost certain to be exposed.

Does it make any sense from a vantage of self-interest for career officials at any of the agencies involved to be a party to such a conspiracy on the eve of the President-Elect assuming power?

Now, that doesn't mean the US IC might not be wrong. But it does mean the odds of a criminal conspiracy are extraordinarily low.

Dirk PraetJanuary 16, 2017 4:30 PM

@ Skeptical

If you had to assign a number to the probability that Russia is in fact responsible for hacking the DNC and leaking its files to Wikileaks and other outlets, what would it be?

I don't know. I don't mean to be rude but I've said pretty much everything I had to say on the subject. So please don't take it personal if I'm just going to let this one slip and before @Moderator slaps me on the wrist for soapboxing.

Dick MillsJanuary 18, 2017 7:49 AM

NSA's technical skill can attribute the hacking, but it can not establish the motivations and purpose of the attackers. The Russian's goal could have been to undermine USA democracy and destabilize USA society regardless of who won. If Trump one, it casts doubt on the legitimacy of the election. If Clinton won, it would reinforce the suspicion of the public that the president elect should be in jail rather than in the White House.

Another thing they can't prove is that the Russians were the only hackers. Given Podesta's stupid password "p@ssw0rd", any 11 year old could have hacked the DNC. There could have been dozens of independent hackers from any country who could have stolen the emails and given them to Wikileaks.

MarkHJanuary 18, 2017 3:00 PM

I've skimmed through this generally dreary chain of comments ...

A great deal of theological blather (I'll never believe a word X says, I don't trust Y, I'm skeptical of Z). Most of it Pure Personal Opinion ... useless.

And hair-splitting over standards supposedly applied in courts of law during criminal prosecution (what courts? which law? what crime?) As I explained above, these legalisms have no relevance whatever to how sovereign states deal with attacks against their security. How many angels can dance on the head of a pin? Who cares?

There was a particularly medieval inquisition on the word "evidence." This word is not the exclusive property of The Law (duh). It is used in science, and in deductive logic too. Really, guys, look it up ... I'm not lying to you!

Criminal courts in liberal states use rules that are not biased toward the discovery of truth. Rather, they are biased against erroneous conviction, and it is generally accepted in such liberal states that many false exonerations will result. Criminal rules of evidence are designed and construed accordingly.

The scientific conception of evidence is rather different. It certainly includes biases, but not so one-sided as in (for example) a US criminal court.

When air safety investigators study a crash, any bit of witness testimony (however unreliable), piece of apparent or actual debris, and even fragments of human remains are all considered as evidence toward the discovery of truth. They are not interrogated by the rules of a criminal trial.

The foregoing, by the way, is factual ... not opinion.

MarkHJanuary 18, 2017 3:32 PM

One line of reasoning I sometimes see in the amateur analyses presented in the comments thread, runs something like this:

"Part of the attribution case rests on sloppiness (leaving 'fingerprints'). But a Big Rich Wicked Powerful State like Russia would do everything Ultra-Slick, and would never be so sloppy. Therefore, these apparent fingerprints are actually part of a 'False Flag' deception. Also, I love to say 'False Flag' because it shows that I read Spy Books and Know Cool Stuff."

Now, this line of reasoning is plausible, and I certainly can't demonstrate that it is not correct in application to the instant case.

However, I offer two observations that are anchored more in observed fact than arm-chair theorizing.

1. Historically, many nominally covert operations launched by orders of the Kremlin have in fact been discovered, with enough evidence to conclude with high confidence where they originated.

Quite often, these revelations owe at least as much to carelessness and error by Kremlin operatives, as they do to the astuteness of investigators from other states.

In other words, a certain Big Rich Wicked Powerful State slips and falls on its own dog-waste rather frequently. Those readers of this blog who haven't lived in the Former Soviet Space might be amazed by the extent to which activities conducted rather placidly in the West are hampered Over There by miserly allocation of resources, amateurism, rampant corruption, and a deeply ingrained culture of desperate improvisation.

2. Putin's Russia is a gangster state, operating similarly to 1920s Chicago, or Sicily for some generations.

Attacks in such an environment are not intended to be secret. It is important that the damage be widely seen, and that most of the target audience (in this case, everyone) be highly confident who "ordered the hit."

On the other side, it is useful to have enough confusion and ambiguity that the assault remains plausibly deniable. The attribution can be debated ad nauseum (as witness, the mountains of drivel above).

This strategy allows the gangster power to have the benefits of intimidating or terrorizing the victim population, while protecting the gangster power from "conviction" by opposing institutions and, perhaps more importantly, by the opinion of populations inclined to sympathize with that power.

Accordingly, for Putin's Kremlin, sloppy half-arsed "covert" ops are often appropriate instruments to use against his enemies. It would be madness to waste resources on the kind of surgical precision to which Mossad (for example) is reputed to aspire, when this would fail to deliver the required strategic results.

name.withheld.for.obvious.reasonsJanuary 18, 2017 3:45 PM

@Skeptical

The IC did lie, it was to the FISCR. If you had read the court review by a member of the FISC bench from Oct 2011, the deception by the IC was documented and characterized as criminal. No action or motion of substance was issued except for the IC to become compliant with the law. It would have also become abundantly clear that the IC was "playing" the court as fools according to the jurist of record.

Do not think for a millisecond that thr IC is not both capable and willing to abuse either power or process. Clapper, Hayden, and Alexander have all proven themselves functionairies of the institution, not representative of the Executive, Court, Congress, or the People.

Clive RobinsonJanuary 18, 2017 5:22 PM

@ MarkH

As I explained above, these legalisms have no relevance whatever to how sovereign states deal with attacks against their security.

As has been patiently explained there is a great deal of difference between how sovereign states behave behind close doors and in public.

When the leader of a western sovereign nation publically makes an accusation against another state of "attacking the national security these are rightly regarded as "extrodinary claims" as they can be used to precipitate a lawful state of war. Thus they require "extrodinary evidence" to be presented publically as well.

If that is not done then the accusatory leader is in danger of being treated as not a statesman of caliber and getting seen as at best being weak. Even those in the leaders nation may well regard them as performing idiotic grandstanding.

The evidence offered publicaly by the US is not evidence in anything other than a fanciful imagination or one who has significant cognative bias. Some of it is actually factually wrong.

Have a read of,

http://www.nybooks.com/daily/2017/01/09/russia-trump-election-flawed-intelligence/

Otherewise you are in danger of looking like Obama does to the civilised world.

AnuraJanuary 18, 2017 6:19 PM

@Clive Robinson

It seems like their criticism is that everything they are talking about could potentially be interpreted differently. I mean, that's how intelligence campaigns are designed. You want your propaganda to look like news, you want it to appeal to your audience (I laughed at the "Well, RT are just doing the same as Breitbart and Fox News - see Not Propaganda!").

There's a lot of valid criticism in that article, and I don't disagree with the conclusions, but I think the criticism of the specific items of the report kind of misses the point the report is making. The real problem with the report is it doesn't discuss whether they obtained that information by just analyzing public statements, whether they got the information from intelligence inside the Russian government, or just analyzing signal traffic (generally, you want multiple independent confirmations).

Dirk PraetJanuary 19, 2017 4:19 AM

@ Anura

The real problem with the report is it doesn't discuss whether they obtained that information by just analyzing public statements, whether they got the information from intelligence inside the Russian government, or just analyzing signal traffic (generally, you want multiple independent confirmations).

It stands to reason that sources and methods are never referenced in a report meant for public consumption. I hadn't read this specific article yet but there surely is a lot of "Hineininterpretierung" going on indeed (someone really needs to invent an English word for this). If the conclusions based on the withheld SIGINT/HUMINT are as solid as those drawn from the publicly available (and verifiable) information, then the entire case is even weaker than I thought. But I guess it just won't stop anyone from seeing Russians where they want to see Russians.

AnuraJanuary 19, 2017 1:56 PM

@Wael

I don't know why everyone scoffs at me when I tell them the problem is solved: Brain computer interface, with an implant that stores asymmetric keypairs and allows you to communicate wirelessly with any device and use your keypairs to authenticate with their respective systems. You can change keys, don't have to worry about brute force. There are literally no downsides besides brain surgery.


Any early adopters? I can rush it to be the first to the market.

MarkHJanuary 19, 2017 3:58 PM

Clive,

I read the first linked article several days ago. I am a long-time admirer of Gessen, and even so found nothing of interest in her argument.

Yes, the unclassified version of the report has very skimpy data. We could all see that on day one.

As one middle-aged engineer to another, we can sit on our arses all day long and write rules for how nation states should conduct themselves. I could pose diktats counter to yours, my friend, but it is an exercise in intellectual wankery.

When you get the first UN member state to sign on to your rules, let us all know.

I seem to have read a LOT more history than most of the frequent commenters on this blog, or at least I understand history very differently.

To an excellent approximation, 100% of actions are taken on the basis of incomplete and imperfect information. It's what we call the Real WorldTM

WaelJanuary 19, 2017 4:14 PM

@MarkH,

I seem to have read a LOT more history than most of the frequent commenters on this blog, or at least I understand history very differently.

Of course! Must've been pretty big 'arse' fonts!

Dirk PraetJanuary 20, 2017 5:04 AM

@ MarkH

To an excellent approximation, 100% of actions are taken on the basis of incomplete and imperfect information. It's what we call the Real WorldTM

The bar for any (re)action remaining "beyond reasonable doubt".

MarkHJanuary 20, 2017 6:22 AM

You guys are pretty funny, in a depressing way.

Dirk, as I wrote to Clive, we can propose standards to our heart's content. At least, we can for now, because with the tidal wave of authoritarian governance sweeping the planet, we may lose our liberty to do so.

I can't PROVE this -- not beyond reasonable doubt, certainly -- but let me offer a thesis:

Heads of state don't think at all about whether Mark approves of their conduct, or Clive, or even Dirk, as foolish and shortsighted as that may seem.

The "bar" is set by their concept of their responsibilities, their personal integrity (a rapidly dwindling commodity), the laws and constitutions of their states, and the influences of history and custom. They are not bound to respect our wisdom or ingenuity, expect insofar as we are citizens of their state and participate in elections (if we are lucky enough to live in the shrinking percentage of Earth's surface where competitive elections are feasible).
_________________________________________

As an example of the gallows humour here, Clive admonished me that I am "in danger of looking like Obama does to the civilised world."

Oh noes! People might see me like Obama!

If anyone reading this cares more about reality than the projections of their own fantasies, it might be interesting to ponder:

1. How does Obama rank compared to the heads of other powerful states, in the degree to which he and his word are respected world-wide?

2. How does respect for Obama compare to that of the preceding two US presidents?

3. How does respect for Obama compare to that of his successor?

One of the most obvious defects of Trump, is that he appears completely indifferent as to whether his pronouncements correspond to the reality of the world.

Do we really want to be in Trump's category?

Dirk PraetJanuary 20, 2017 7:41 AM

@ MarkH

I can't PROVE this -- not beyond reasonable doubt, certainly --

Thank you. I believe this is actually what @Clive and myself have been trying to point out all along.

Heads of state don't think at all about whether Mark approves of their conduct, or Clive, or even Dirk, as foolish and shortsighted as that may seem.

Of course they don't. Which doesn't mean that they always get away with it. Watergate cost Nixon the presidency. Gerald Ford's full pardon of tricky Dicky played a decisive role in him losing the relatively close 1976 election to Jimmy Carter. Nothing in recent times has more damaged the US's image on the international stage than the Bush administration's WMD lies in the UN and that lead to the catastrophical war in Iraq. Both Republicans and Democrats leaving behind the man in the street was what catapulted Trump to power. EU politicians and institutions utterly failing to listen to people's legitimate concerns about the effects of globalisation and mass immigration is the main force behind the rise of populist, not even thinly disguised authoritarian parties in Europe. As a self-proclaimed history connoisseur, there's probably plenty of more examples you can add to the list.

Call us naive as much as you want, but there still are folks with a strongly developed BS detector and, contrary to others, voice their dissenting opinions instead of blindly accepting whatever $DEITY or the supreme leader of the moment is dictating on the matter. When I was young boy, my grandmother used to read tales of Hans Christian Andersen to me and my sister. I guess none of those had a more profound impact than The Emperor's New Clothes.

MarkHJanuary 21, 2017 6:35 AM

The Intellectual Arrogance of Geeks, Part I

Bruce has reminded us many times, that engineers who are perfectly ignorant of cryptography invent worthless ciphers, thinking "I'm a clever engineer, and this isn't so hard." That is intellectual arrogance. But we sophistos who often comment on this blog, of course, know better!
____________________________________________

I assume that many of the "lurkers" here make our livings in technical work and/or academia. Everyone who falls into this category, has probably experienced this at least once: a supervisor/administrator/client, with a grotesquely over-simplified concept of our work, casts doubt upon and/or lectures us about it. Someone of abysmal ignorance, lecturing a professional. If you've been through this, you'll know how irritating and sometimes infuriating it can be.

We have invested years of intensive study and practice to develop our various levels of expertise. But a person who knows no more about our work than you could learn from a newspaper, says we are wrong or offers foolish advice. Often they are thinking, "I'm a clever person, I can understand this well enough." That is intellectual arrogance!
____________________________________________

At least half of the engineers I've known (and they have been many, over the years) delighted in making withering critiques of the management of whatever organization they (or we) worked for. Of course, this is easy and fun, because the shortcomings of management are easy for all to see. They think, "I'm a clever person, managing an organization can't be that hard."

But most of them have never even coached a kids' sports team, let alone attempted to lead an institutional effort to accomplish technical or educational results. In my judgment, they have been utterly ignorant of the enormous challenges and pressures on the other side of the desk.

Sometimes I asked them, "if you are so much smarter about how to run an organization, why aren't you running one now?"

They are guilty of intellectual arrogance in the first degree.

Nick PJanuary 21, 2017 9:24 AM

@ MarkH

I disagree with your conclusion. Instead, the people that got in the management positions were there for superior skills or perceived skill in managing people, knowing business, alignment with executive's expectations, etc. They typically have different goals than the IT people. They might not understand IT at all with most CIO's coming from an operations background. Yet, they tell the IT people how IT needs to happen, what investments are worthwhile, what maintenance shouldn't be done, that security doesn't matter, and so on. The IT people rightly call bullshit on such a situation.

In a well-managed environment, the people running IT understand both the business and IT side of the equation. At least one IT person will be there for evaluating proposals for feasibility. The IT proposals themselves will be about providing business benefit. Some budget exists for security, maintenance, etc. The IT projects will probably succeed more than fail here.

MarkHJanuary 21, 2017 2:01 PM

The Intellectual Arrogance of Geeks, Part II

Not very long ago, we learned that the FBI had interrogated a man who implied (falsely) that he could control a passenger jet by plugging into an ethernet jack on an under-seat passenger entertainment assembly.

Bruce posted about this story, and the comments discussion was memorable.

I particularly recall two currents of criticism, which I attempt to summarize:

1. "If in truth the passenger entertainment systems have a connection to the network of critical avionics flying the aircraft, then the planes' designers are guilty of inexcusable negligence."

2. "I don't care how good those aviation engineers think they are, they lack the Security MindsetTM needed to protect against an active adversary, which we self-proclaimed Security Mavens possess in abundance. Therefore, they can't connect these two networks without endangering the plane."

It seemed to me at the time that I was in a distinct position from all of the regular commenters whose thoughts I was reading. I have studied aviation safety for decades, and in consequence have a little-bitty teensy-weensy understanding of how safety-critical systems are analyzed and certified for use in civilian airliners.

Everyone else, as far as I could deduce, was at absolute zero in this domain of knowledge.

This did not in any way discourage them from asserting the two theses summarized above, with utmost authority and certitude.
____________________________________________

Without getting into the details, I thought it very probable, based on my thumbnail-sized knowledge of the aircraft design and certification process, that both theses were dead wrong.

Interestingly, two or three comments appeared on that discussion by people claiming job-based knowledge of relevant types of airliner systems, who very modestly and politely explained that no, the design of the system absolutely precludes the supposed vulnerability.
____________________________________________

At the time, I was wondering "how do such smart guys get it so completely wrong?" It's the same kind of curiosity that has lead me to read extensively on why planes crash.

I came up with two guesses.

First, was the error of extrapolation, which goes something like this: "I've being developing computerized systems since the vacuum tube days, and I know the limits of How These Things Are Done. Within those limits, what those bozos did at Airbus and/or Boeing is damned unsafe."

Given the reality that almost all software is done at quality levels bordering on criminal negligence, resulting in system which are collections of serious accidents waiting to happen, I can understand people imagining that airliner flight control systems are just as bad. This extrapolation is understandable, but also wrong.

The second error (which interacts strongly with the first) is what I will call meta-ignorance: being ignorant of the dimensions of my ignorance.

Those of us who don't work on civil airliners (and perhaps a few other critical types of systems which are done at comparable levels) may be completely unaware that there is world of ultra-robust system design, which seeks to account for every credible failure mode. In order to keep the domain of credible failure modes small enough to enumerate, appeal is often made to radical simplicity.

Unexpected as it may seem, an ultra-robust system design can frustrate active attack without getting into the measure-countermeasure "arms race" we are so familiar with in the world of security.

Those who made Authoritative Pronouncements about a realm of engineering completely unknown to them, gave shining examples of Intellectual Arrogance.

WaelJanuary 21, 2017 3:32 PM

@MarkH,

Bruce has reminded us many times, that engineers who are perfectly ignorant of cryptography invent worthless ciphers

Generally speaking, yes and it's backed up by empirical data, too.

Bruce posted about this story, and the comments discussion was memorable.

Yes, this story! and this one

It seemed to me at the time that I was in a distinct position from all of the regular commenters whose thoughts I was reading.

So not only have you read more history books than most of us here have, but you can also read our thoughts. Across vast distances, too. I got news for you: You couldn't possibly have read my mind because I'm wearing state of the art tinfoil gear. And you couldn't possibly have read @Thoth's mind! He wears the Alkaline heavy duty hat.

Everyone else, as far as I could deduce, was at absolute zero in this domain of knowledge.

goddamn! That's a lot worse than 0C! Negative 273C... Isn't that a tad harsh?

This did not in any way discourage them from asserting the two theses summarized above, with utmost authority and certitude.

Happens once in a while. Engage them and educate them.

The Intellectual Arrogance of Geeks, Part II

You should have given a link rather than a paraphrased summary so we can engage in a more meaningful and less bitter discussion. Otherwise you run the risk of being accused of 'Intellectual Cowardice'© Part I.

WaelJanuary 21, 2017 3:55 PM

@MarkH,

One more thing:

You complain about this, call it mental arrogace:

Bruce has reminded us many times, that engineers who are perfectly ignorant of cryptography invent worthless ciphers

Then you make a similar assertion:

Those who made Authoritative Pronouncements about a realm of engineering completely unknown to them, gave shining examples of Intellectual Arrogance.

So a statement by your host is unacceptable to you, but when the same statement comes from you, it's ok? Quick! Trade Mark another term for what you just committed!

WaelJanuary 21, 2017 4:03 PM

@MarkH,

We're even, now ;)

Focus more on the subject and less on the person. Remember: I've got a sockpuppet with your name on it. And he's more patient than I'm. He'll get you ten years from now :-)

Dirk PraetJanuary 21, 2017 5:10 PM

@ MarkH

Re. The Intellectual Arrogance of Geeks, Parts I & II

Mark, excuse me for not being the sharpest knife in the drawer, but what exactly are you getting at and are the Russians somehow responsible for it?

The way I understand this forum is that we are all free to think about and comment on topics our host touches and for which a degree in the subject matter is not a prerequisite. If someone is demonstrably talking out of his/her *ss, then it is perfectly OK to point that out, and preferably in a somewhat civil and substantiated way. That's how a discussion goes forward and how, with a bit of luck, we all gain a better understanding of the topic, the baseline however remaining that everybody is free to voice whatever dissenting opinion unless it is being done in a consistently rude or condescending way.

"When men yield up the privilege of thinking, the last shadow of liberty quits the horizon." - Thomas Paine

Dirk PraetJanuary 21, 2017 5:22 PM

@ Wael

And you couldn't possibly have read @Thoth's mind! He wears the Alkaline heavy duty hat.

The guys at the hockey club never quite understood what that aluminium foil was doing in my helmet.

WaelJanuary 21, 2017 5:45 PM

@Dirk Praet,

Tell them it's an antenna that radiates some brain waves. If only they can receive it to be more intelligent ;)

Clive RobinsonJanuary 21, 2017 6:58 PM

@ MarkH,

Everyone else, as far as I could deduce, was at absolute zero in this domain of knowledge.

Some people have a depth of knowledge, some a bredth of knowledge, few have multidomain knowledge. However the one thing every one can do is make vague disparaging or critical claims without substantiating them.

Your comment of,

I particularly recall two currents of criticism, which I attempt to summarize:

Can by inspection of the thread concerned can be seen to be at best meaningless as there were rather more than two sets of concerns raised and in some cases they were detailed as to why they were a concern based on experience in similar safety systems.

At least one comment was based on knowledge of a very very public incident viewed in real time by the greatest percentage of the worlds population than any other incident so far. And that was the Apollo XI moon landing (due to rendezvous radar data which repeatedly scheduled a process because of a misconfiguration of the radar switches.)

Further those who design safety system rules --that other designers obay and implement in their systems-- have often spent quite a bit of time finding out why things go wrong and supposed accidents happen. Where a clear technical fault is established it can usually be attributed to domain to domain design oversight. That is a problem type is known in one domain but is not known about or considered relavant in another domain at design time, where unfortunately it is actually also applicable.

Further designers of safety systems have tended to follow the actuarial approach. Which whilst usually fine in random probability or predictable probability events caused by physical processes, are generally not fine when a malicious actor or other directing mind is involved.

Your comments suggest you are not cognizant of these points which is odd when you say,

I have studied aviation safety for decades, and in consequence have a little-bitty teensy-weensy understanding of how safety-critical systems are analyzed and certified for use in civilian airliners.

Ahhh well, I guess your last word is applicable,

Those who made Authoritative Pronouncements about a realm of engineering completely unknown to them, gave shining examples of Intellectual Arrogance.

ab praeceptisJanuary 21, 2017 8:15 PM

MarkH

Thank you for that excellent demonstration of, oh, well ... I'll stay polite.

Decisions like the one to interconnect flight control and entertainment systems was certainly not made by an expert engineer. You can confidently bet your house on it that that decision was made by management; possibly some of the involved managers had indeed at some point in their life got some kind of engineering degree - but that doesn't logically allow a statement like yours.

As for the security mindset one should see how committees tick, how large corporations tick, and when the basic decisions were made. Let me help you, they were made in about the years when many otherwise highly regarded IT engineers made decisions like those that still plague, for instance, Unix.

It's simple, the context was very different from today. "Security mindset" isn't something absolute, it's depending on and evolving with the context. Then, rather crude simple security (as in ITsec), was all that was reasonably needed. Then, digital systems were deemed just an evolution of electronics, "more bang for the buck and in less space, too".

Once that path was opened it got nailed down by corporate processes and by committees. How would they prepare for a situation where the majority of passengers had considerably more powerful systems in their pocket then large corporations had in their headquarters at that time? A situation where those pocket devices would exchange volumes of information by far bigger than, say, all cross atlantic communications combined at that time?

Once that did become visible on the horizon, you bet your ass that plenty system engineers started to become concerned and to make noise - obviously in vain. They lost at the first day of the battle against the high and thick and sturdy walls of corporate committee processes.

When it finally became clearly and unavoidably visible that whole segment had grown to a size and solidified (and been encrusted) to a degree where banks/shareholders, politics and whatnot were involved. I bet that at some meeting table someone high up said something like "To change the design and production and processes so as to have those on board systems really seriously secure will be so prohibitively expensive that whole aircraft related industries will close down. So, you either insist on it and have an industry that is secure but dead, or we go the time-proven way of incremental steps", the latter meaning corporation-politician-finance industry-committees sloooooow ping pong - which is obviously the route that was taken.

And that route wasn't that bad. They went step by step, system element by system element. If engineers (real ones, not managers) were involved then only in terms of "how?", i.e. the implementation of decisions.

Why wasn't the route the worst? Simple. Due to a factor you comfortably ignored: One can't just stop the world (or a large infrastructure or industry). There are systems - like e.g. major aircraft and the whole related businesses - one must change while they are at least to a large degree running.

Same with the ssl/tls crap. To rip that out of the OSs and distros, etc. would be a no brainer. BUT that's not possible because that would mean that administrations of countries, large organizations etc. would screech to a halt. The security part has been done; we have the building block. To implement that in a reasonable way without creating havoc is the problem that is hard to solve.

MarkHJanuary 21, 2017 11:02 PM

@Dirk:

Surely, we are free to air our beliefs, ideas and opinions. It's not my wish to limit such freedoms. I believe that freedom is under heavy threat, however. I also believe that our self-delusions make us more vulnerable to such threats.

For my own part, I prefer to write things which I hope will be somehow instructive or illuminating for a reader or two.

The unclassified report from the US intelligence agencies, nearly free of new information, was a kind of litmus paper.

Those with the general attitude, "those US officials are a bunch of lying liars and I don't trust a damned thing they say" naturally doubt or dispute the conclusion.

Those (like Bruce, it would seem) who place more trust based on the specifics of the situation, sources, and context, are inclined to accept the conclusion.

I don't "chime in" on this question, because my trust or lack thereof is of no inherent interest. Imagine a forum for little children: "my favorite color is blue!" "No, my favorite color is yellow!" Maybe fun, but of limited instructional value.

Where it gets more interesting, is when I imagine the counterfactual that the report had 950 MB of appended network logs, communication intercepts, and detailed technical analyses. Were this the case, people like you and me probably would be unable to independently verify most of it, or perhaps any of it.

So I imagine that it would devolve to the same situation: "Billy is my friend," or "Billy is a liar and he looks at me funny, make him stop!"
____________________________________________

As it happens, life has shown me that smart people often overestimate the reach of their insight, leading (from time to time) to spectacular errors to which the erring person is often blind. To me, it's a topic of interest and importance, which perhaps those who read Bruce's blog might also find interesting.

@Clive:

Did I say that those were the only two critiques? If so, where?

They were two which I believed (and still believe) don't make sense in light of how critical systems are designed for airliners.

MarkHJanuary 21, 2017 11:20 PM

@Wael:

There seems to have been a miscommunication. What I wrote wasn't clear enough, for which I apologize.

When I wrote that Bruce has taught us about the invention of worthless ciphers by crypto-n00bs, I didn't mean to to suggest that Bruce was practicing intellectual arrogance.

He is 100% correct: I used to waste time on a couple of cryptography forums, and it happened quite often that someone who spent a few hours reading about cryptography reinvented the same broken wheel.

The arrogance I meant was not in reference to Mr Schneier, but rather those who make Very Passionate Assertions of Rightness without having taken the time and trouble to study the domain.

It's the n00bs, who offer examples of intellectual arrogance.

And the depth of that arrogance is exposed, when you patiently explain to them where they are mistaken, and they respond with angry insistence that you either don't understand their brilliance, or accusations are part of a conspiracy (not making this up) to suppress invention.

MarkHJanuary 21, 2017 11:51 PM

Editing Correction, last words should read:

"or accusations are you are part of a conspiracy (not making this up) to suppress invention."

WaelJanuary 22, 2017 3:55 AM

@MarkH,

And the depth of that arrogance is exposed, when you patiently explain to them where they are mistaken, and they respond with angry insistence that you either don't understand their brilliance

Oh, well. Can't stop that. All you can do is explain. If they still argue, then it becomes a moot discussion, time to move on... hard to argue with 'Stupid'.

RatioJanuary 22, 2017 4:17 AM

@MarkH,

As it happens, life has shown me that smart people often overestimate the reach of their insight, leading (from time to time) to spectacular errors to which the erring person is often blind.

Close enough.

Clive RobinsonJanuary 22, 2017 5:34 AM

@ MarkH,

Did I say that those were the only two critiques? If so, where?

Well you did say,

It seemed to me at the time that I was in a distinct position from all of the regular commenters whose thoughts I was reading.

And,

I particularly recall two currents of criticism, which I attempt to summarize:

That is you tried to give the impression that no other posters on that page had made worthwhile comment, and that those not worthwhile comments were of two basic types...

Would it be that you thought you could just wave your arms and now having being called on your supposed recolection you are back tracking?

I Suspect that might be the case with you going on to say,

They were two which I believed (and still believe) don't make sense in light of how critical systems are designed for airliners.

How about you mention some others that are there that do not fall into the "two" you "still believe"?

Dirk PraetJanuary 22, 2017 5:59 AM

@ MarkH

Those (like Bruce, it would seem) who place more trust based on the specifics of the situation, sources, and context, are inclined to accept the conclusion.

Mark, I don't understand why you are so upset by the fact that some of us here refuse to go along with the conclusion by the USG and IC that the Kremlin ordered the DNC hack, and which even the NSA is only "moderately confident" (read: are not entirely sure) about. By your own admission, the publicly available evidence currently does not support that conclusion beyond reasonable doubt, and to us is the minimal requirement for public accusation and retaliation on the international stage. There is no denying either that both parties are known to have been wrong or lying about equally sensitive matters in the past. I again refer to the WMD narrative in the UN and DNI Clapper's "least untruthful" statements to the Senate in the surveillance debate.

Neither @Clive or me frantically deny the possibility that indeed the Russians were behind it. But with what is currently on the table, we consider the likelihood fifty-fifty at best. Unless you think of us as Russian agents or clueless idiots, why is it so difficult for you to just accept this dissent as a minority report instead of getting all worked up and personal about it?

MarkHJanuary 22, 2017 7:02 AM

@Dirk:

Actually, I'm not upset about any individual's acceptance or non-acceptance of the conclusions of US intelligence. As I wrote above, your opinions and mine are based on information available to all the world's readers, and are of no inherent value.

Politically, the judgment of great masses of people -- and more importantly, how strongly they feel about it -- is something that in the fullness of time governments need to consider.

Individual opinions? So much cheeto dust.
_____________________________________________

Some of the positions I have seen advocated here along the path of argument and analysis, however, go rather beyond the realm of opinion. These include inferences from data, generalizations about what is valid or how things work, and prescriptions of how various parts of the world are supposed to operate.

Unlike, "do I trust these guys?" the answer to which is to some extent a matter of faith (as in, not far removed from religion), the other propositions may be objectively valid or invalid, practicable or infeasible.

They have included the Truly Preposterous.

I respect the right of anyone to believe what they choose -- in my country, this right is essentially enshrined in our written constitution. At the same time, when someone spouts codswallop, my natural reflex is to poke holes in it and let the gas escape :)

FigureitoutJanuary 22, 2017 10:59 AM

MarkH
Given the reality that almost all software is done at quality levels bordering on criminal negligence
--Citation needed. Software is also a scapegoat used as a last resort for masking hardware design flaws. More typical spouting off at the mouth, not knowing what you're talking about. If that were true we'd see more problems. Practice what you preach and stay in your lane.

MarkHJanuary 27, 2017 4:16 PM

The Intellectual Arrogance of Geeks, Part III

In a modest attempt at balance, I include an example from a non-technical person whom I nonetheless classify as a geek: a specialist in environmental protection who has accomplished some very good work, is exceedingly intelligent, expert in his specialization, and also a "renaissance man" with impressive depth in unrelated endeavours.

When he decided to start a course of environmental litigation (multiple independent lawsuits), he announced that he would operate pro se (without attorney representation or even advice). He told me, "I've watched lawyers work, it doesn't look that hard."

To add to the challenges, he based his suits on an obscure law which (as far as we could discover) had been referenced only once before in any court case.

I won't bore you with the details. Those with some experience of adversarial proceedings in law can pretty well paint the picture in their imaginations.
_____________________________________________

An intriguing example comes from a friend and colleague (an engineer of long experience), who is very intelligent, widely read, and deeply thoughtful.

Discussing an historical event of persons exposed to soil contaminated with dangerous radionuclides, my colleague expressed doubts about medical assessments of the health risks to those who were exposed. The assessed risk was less than either of us would have expected.

The basis of his doubts, was that the health science pertaining to ionizing radiation exposure may be OK for exposure from external sources, but "miss out" on the effects of radioactive material taken into the body.

Again, this is an area in which I have read a number of articles (and heated discussions) over the years, though I consider my knowledge miniscule. Based on what I do know, I expected that the radiation health assessments are probably on a pretty sound footing.

Since that dialogue, I found a survey article which identified an impressive number of accidental exposures and health studies based on them. For good or ill, there have been MANY examples (and varieties) of ingestion or inhalation of radioactive materials since the dangers of ionizing radiation were first understood.

In addition to those accidents, intentional ingestion/injection of radionuclides into patients is a component of medical tests administered to vast numbers.

In fact, the understanding of the effects of in-body radioactive exposure is advanced, and based on impressive quantities of good data.

But interestingly, my smart-geek colleague seemed to imagine, "the medical researchers who specialize in this may have missed something Really Important."

In other words, there is a plenty of good domain knowledge out there. My smart friend didn't take the time to check it out, and assumed a "skeptical" attitude based on lack of knowledge.
_____________________________________________

What makes my colleague's doubting-of-the-experts especially interesting to me, is that he is as concerned about anthropogenic global warming (AGW) as any person I know.

AGW "skeptics" (I use quotes because many of them are not skeptics in any reasonable sense), some of whom seem quite sincere, often say "sure that's what the scientists say, but have they thought of _____?????" (Fill in the blank with any one of a dozen or two "alternative explanations" for the appearance or actuality of warming.)

One of my favorites -- because it is so God-awful stupid -- is "yes, but have they considered that the sun's power varies????" I've actually seen this exact objection multiple times.

What is awesome about this question, is the presumption that the hundreds of scientists actively studying climate change for decades might never have considered their "alternative explanation." Whoa! The sun's output changes over time! OMG, we NEVER considered that this might affect temperatures!

What clearer example of intellectual arrogance? I who evidently know nothing about the domain, cast doubt on the conclusions of the domain experts, on the basis of my imagining that they have been negligent in their work.

It doesn't take many minutes of web-search to find lists of non-climate factors which could skew data, and non-anthropogenic causes which could account for the rising trend of surface temperatures, which were exhaustively analyzed, and then compensated or eliminated on the way to concluding that industrial activity is the very likely cause.

C U AnonJanuary 27, 2017 4:39 PM

@MarkH : Drop your thesis in the round receptical by the door as you are passing, and take care the door does not hit you on your way out.

Dirk PraetJanuary 27, 2017 5:36 PM

@ C U Anon

... and take care the door does not hit you on your way out.

The correct Texan idiomatic expression would be "Don't let it hit ya where the Good Lord split ya".

@ MarkH

About 97% of subject matter experts agree that the current global warming is man-made. Whether or not that acquaintance of yours had the knowledge, expertise or intellectual prowess to come to the same conclusion is pretty much irrelevant.

MarkHJanuary 28, 2017 3:28 AM

@Dirk:

What's interesting to me about the example of my friend isn't whether he agrees or disagrees with the domain experts.

It's that he probably finds it really frustrating when people dispute the conclusions of the climate-domain experts on the basis of their own lack of knowledge ...

... but makes the same silly mistake with respect to the domain of radiation health science.
_____________________________________________

I suppose that most of us who make our living as "geeks" are frequently exercising our analytical capacities, reasoning with care and caution, gathering factual information prior to decisions in order to ensure their correctness.

If we're not getting it right most of the time, we're probably getting some pretty loud feedback about getting it wrong.

It seems to me that people who work this way develop a degree of confidence in our ability to "figure it out" and understand how and why things happen.

We might even believe that we are better at this kind of thing than the guy down the street who cleans out drains for his living.
_____________________________________________

I suggest that it is both inherently interesting, and potentially very consequential, that people with highly developed analytical abilities so easily fall into such severe errors ...

... without any awareness of doing so!


PS Ha-uw ded y'all larn y'sef sech gud Teksun?

Clive RobinsonJanuary 28, 2017 5:16 AM

@ MarkH,

If we're not getting it right most of the time, we're probably getting some pretty loud feedback about getting it wrong.

In your case you've put a commer in the wrong place. It should be after "right" not after "time". Oh and in your case you could change "probably" to "definitely".

MarkHJanuary 28, 2017 6:03 AM

From the New York Times:

"Two Russian intelligence officers who worked on cyberoperations and a Russian computer security expert have been arrested and charged with treason for providing information to the United States, according to multiple Russian news reports."

If true, this might help to account for the confidence level of attribution made by the US intelligence community ... n'est-ce pas?

"one current and one former United States official, speaking about the classified recruitments on condition of anonymity, confirmed that human sources in Russia did play a crucial role in proving who was responsible for the hacking.
The former official said the agencies were initially reluctant to disclose their certainty about the Russian role for fear of setting off a mole hunt in Moscow."

If true, this might help to account for the infuriating failure of the US intelligence community to publish all of their evidence ... n'est-ce pas?

Dirk PraetJanuary 28, 2017 6:20 AM

@ MarkH

PS Ha-uw ded y'all larn y'sef sech gud Teksun?

One of my friends is a Texas artist who is running an art gallery in our neigbourhood.

MarkHJanuary 28, 2017 6:42 AM

@Clive:

I am famously idiosyncratic in my deployment of commers ;)
_____________________________________________

A surprisingly good book about how to write double-edged letters of recommendation for dreadful former employees recommends a device called (if I recall correctly) the "quomma."

This is a comma written poorly enough that it's not quite clear whether a comma is there or not. Symbolizing the quomma by [,] I offer a paraphrase from the book for a letter about a drunk:

"The amount of work he accomplished[,] while staggering[,] was well below the limits of his ability."
_____________________________________________

On a more serious note, I'm trying to explore how Really Smart People (a) make Really Silly Errors, and then (b) resist the prudent next step of concluding "that didn't go so well, maybe time to consider a refinement to my approach."

If you're thinking that I consider as examples a small number of comments here by a guy calling himself "Clive," well, you're correct in that. This fellow writes quite a lot of comments, so the proportion under my magnifier is exceedingly minute.

However, this is not at all personal. I recognize your encyclopaedic knowledge, obvious acumen, and accumulated wealth of experience. I know you're a good person who wishes people well.

Many other folks here make the same kinds of error. I am fully certain that I do, though I try very conscientiously to resist it.

For me, it's trivial that pathological liars, or people with depraved indifference to truth (like Trump) say things that are false. Likewise, people deficient in education and developed intellectual capacity reach foolish conclusions all the time. No surprise there!

What I'm trying to explore is how people equipped with a wealth of knowledge, intellect, and personal integrity fall into error-pits from which they often don't escape.

Really, I like you Mr Robinson. As I have observed before, I estimate that we are probably close in age, and share some kinds of tech experience that must seem remote and mystifying to the young whippersnappers of the technological world.
_____________________________________________

As I approach my 60th birthday, I still consider myself a "boy scientist." I deeply want to learn the truth of how things work.

When I misstate facts, I welcome correction. That's part of how I learn.

When I come to wrong conclusions, I hope that I balance defending my Undoubted Brilliance with a humble desire to understand just where my wheels went off the track.

In my work as a software engineer, the tools of my trade are constantly reminding me of mistakes I made. Likewise, almost all the defects exposed in testing my products are evidence of my own mistakes.

I approach truth with a fierce passion to get it right, and a frequently reinforced humility about my capacity to get it wrong.

Clive RobinsonJanuary 28, 2017 7:46 AM

@ MarkH,

If true, this might help to account for the infuriating failure of the US intelligence community to publish all of their evidence ... n'est-ce pas?

Yes and no... It might be a case that the Russian's have as they often do had US spies or those who could be made to look like spies sitting on their list untill an opportune moment, to get good political advantage comes along (this goes back further than the Berlin Spy Tunnel incident).

The fact we have been told/lead to belive from what has been said that in the case of one of those arrested that his arrest relates to an incident long prior to his current employment suggests it should be viewed with caution. That is this may well be a case of the Russian's sending a "political message" more than anything else, and that it probably does not relate to any of the more recent activities that gave rise to the publication of the DNC emails by Wikileaks.

But I unlike our host have quite a low opinion of the NYT these days, as what was once a thoughtful and well researching editorial team appear to have been replaced with advertising revenue by "click bait" marketing types, which appears to have happened as a result of the appointment of a thoroughly disliked senior from the UKs BBC, who --according to some he left behind-- jumped before he was pushed.

Plus I have a suspicion I've expresed befor about one of the major public share holders of the NYT Carlos Slim. Who is a Mexican Communications Magnet, for whom there has repeatedly been stories about how he came by his prominence and fortune involving both mexixan political and cartel members etc. It's also been indicated that his influance on the NYT is rather more than just his public share holding.

Thus currently the interests of Mexico and the Democrats appear to have aligned, which colours the NYT supposed independent POV... In effect the story could be seen as one aimed not at the truth of the DNC leak but at Donald Trump. Who it's been indicated is thinking of taking to court the two MSM outlets that made public stories about the dodgy dossier from an ex MI6/SiS analyst. One of these outlets being the NYT...

So as far as I'm concerned there is one heck of a lot of mud in the water and very probably blood as well and the mud is hiding much that needs to be seen clearly before a rational thought process can have a chance to work out the truth or falsehoods of what is happening.

PaulFebruary 12, 2017 5:51 PM

Bruce, I stopped reaching when you said "I only became convinced when the New York Times ran a story". Isn't the NYT pretty much a discredited news source? Remember the Iraq war debacle etc? Seems like NYT is more a wing of the Pentagon.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.