Author Topic: Cyber attacks/defence/incdents (merged)  (Read 16082 times)


Offline E.R. Campbell

Re: Cyber attacks/defence/incdents (merged)
« Reply #25 on: January 21, 2011, 19:15:36 »
It's a bit odd, but my guess is that the "first part," the "payload" which was described as being "complex, well designed and effective [and showed the designers had] both the expertise and access to the nuclear equipment necessary to test the virus" was, likely made in Israel. The placing and execution processes, which "included many errors and were poorly protected from surveillance" smacks of the CIA.
It is ill that men should kill one another in seditions, tumults and wars; but it is worse to bring nations to such misery, weakness and baseness
as to have neither strength nor courage to contend for anything; to have nothing left worth defending and to give the name of peace to desolation.
Algernon Sidney in Discourses Concerning Government, (1698)

Offline Cloud Cover

Re: Cyber attacks/defence/incdents (merged)
« Reply #26 on: January 21, 2011, 20:37:13 »
It's a bit odd, but my guess is that the "first part," the "payload" which was described as being "complex, well designed and effective [and showed the designers had] both the expertise and access to the nuclear equipment necessary to test the virus" was, likely made in Israel. The placing and execution processes, which "included many errors and were poorly protected from surveillance" smacks of the CIA.
Placing= installation subroutines which seems to mean they buried it into some other application that was known as a certainty to be installed or more likely an update to existing software.
Poorly protected from surveillance- the encryption was probably somehow compromised, perhaps even the key was in the open or the implementation algorithm was dated.
It is likely they used a telecommunications spyware company to send the payload, similar to what SS8 and the government of the United Arab Emirates tried to do 2 years ago to encrypted BlackBerry smartphones. [In the case of SS8, while it worked, the spyware rapidly and simultaneously drained the batteries of tens of thousands of BlackBerrys, thus alerting the users to the fact their devices were constantly forwarding data off the device.]
You're right. I Never  Met A Motherfucker Quite Like You, or someone as smart as you.  Never ever will, either.

Online SeaKingTacco

Re: Cyber attacks/defence/incdents (merged)
« Reply #27 on: January 21, 2011, 20:47:47 »
A while back I had read (can't remember where) an article where it was speculated that Stuxnet was introduced to the area of Iran where the enrichment plant is located, embedded in another piece of common software.  Since Iran maintains an air gap around the computers controlling the centrifuges (that is to say- totally unconnected to the internet or any other network), the perpetrators simply waited for the natural to happen- someone carried it into work on a stick and infected the control system by accident.

An interesting theory, but it sure leaves a lot to chance.

Offline Cloud Cover

Re: Cyber attacks/defence/incdents (merged)
« Reply #28 on: January 21, 2011, 21:10:24 »
someone carried it into work on a stick and infected the control system by accident.


We've been given free 8GB media cards, USB sticks, wireless mouses, usb reading lights, usb powered personal fans etc by media companies, journalists, law firms, vendors, telecom companies, recruiters and headhunters etc. We generally regift these in places like India and Saudi Arabia :)

I was once given a coffee mug which in the bottom held a retractable USB cord to plug in to a computer to keep coffee warm [a java java so to speak.] When our hardware guy took the mug apart it had not one but 2 microphones, a memory card containing key logging software, and some other malware. We put it back together, ran it through the dishwasher and sent it back to the TRA with a Star of David sticker decal inside it.

Offline Hamish Seggie

Re: Cyber attacks/defence/incdents (merged)
« Reply #29 on: January 21, 2011, 21:30:58 »
This sounds like Tom Clancy stuff....wow...intriguing....

I'm infantry so anything shiny intrigues me.
Freedom Isn't Free   "Never Shall I Fail My Brothers"

“Do everything that is necessary and nothing that is not".

Offline 57Chevy

Re: Cyber attacks/defence/incdents (merged)
« Reply #30 on: January 21, 2011, 21:59:47 »
We've been given free 8GB media cards, USB sticks, wireless mouses, usb reading lights, usb powered personal fans etc

Photo: How the Stuxnet virus spread
(Reproduced under the Fair Dealings provisions of the Copyright Act)



Offline 57Chevy

Re: Cyber attacks/defence/incdents (merged)
« Reply #31 on: February 17, 2011, 21:57:40 »
U.N: Iran nuke plant recovered from attack
The Iranian nuclear plant at Natanz recovered quickly from a computer attack that led to major equipment breakdown, the U.N. nuclear watchdog says.

The Washington Post said Wednesday it has obtained a draft copy of a report by the International Atomic Energy Agency in Vienna. The report is expected to say production at the Natanz enrichment plant is now above what it was before the attack.

The plant was attacked by a computer worm, Stuxnet, that appears to have been designed to spread harmlessly from computer to computer until it reached machines configured like those at Natanz. IAEA cameras installed at the plant show that about 10 percent of the centrifuges had to be replaced.

"While it has delayed the Iranian centrifuge program at the Natanz plant in 2010 and contributed to slowing its expansion, it did not stop it or even delay the continued buildup of low-enriched uranium," the Institute for Science and International Security said in the report.
----------
More detailed article:
Iran Nuclear Facility Recovers From Cyberattack
(Reproduced under the Fair Dealings provisions of the Copyright Act)

Photo:
The Siemens Simatic S7-300 PLC CPU a target of the virus

Offline Thucydides

Re: Cyber attacks/defence/incdents (merged)
« Reply #32 on: September 16, 2016, 01:12:08 »
While we have been hearing warnings about possible terrorist or other threat attacks against our infrastructure, this is taking cyberwar to a much higher level. Rather than attacking infrastructure through delivering malware (much like Stuxnet was used to temporarily cripple Iranian nuclear ambitions, and how "smart grids" and the "Internet of Things" is potentially very vulnerable to hacking), this article suggests the very infrastructure of the Internet itself could be targeted for attack. Workarounds if the Internet is crippled could be difficult to impossible depending on the system:

https://www.schneier.com/blog/archives/2016/09/someone_is_lear.html

Quote
Someone Is Learning How to Take Down the Internet

Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don't know who is doing this, but it feels like a large nation state. China or Russia would be my first guesses.

First, a little background. If you want to take a network off the Internet, the easiest way to do it is with a distributed denial-of-service attack (DDoS). Like the name says, this is an attack designed to prevent legitimate users from getting to the site. There are subtleties, but basically it means blasting so much data at the site that it's overwhelmed. These attacks are not new: hackers do this to sites they don't like, and criminals have done it as a method of extortion. There is an entire industry, with an arsenal of technologies, devoted to DDoS defense. But largely it's a matter of bandwidth. If the attacker has a bigger fire hose of data than the defender has, the attacker wins.

Recently, some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks against them. Moreover, they have seen a certain profile of attacks. These attacks are significantly larger than the ones they're used to seeing. They last longer. They're more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.

The attacks are also configured in such a way as to see what the company's total defenses are. There are many different ways to launch a DDoS attack. The more attack vectors you employ simultaneously, the more different defenses the defender has to counter with. These companies are seeing more attacks using three or four different vectors. This means that the companies have to use everything they've got to defend themselves. They can't hold anything back. They're forced to demonstrate their defense capabilities for the attacker.

I am unable to give details, because these companies spoke with me under condition of anonymity. But this all is consistent with what Verisign is reporting. Verisign is the registrar for many popular top-level Internet domains, like .com and .net. If it goes down, there's a global blackout of all websites and e-mail addresses in the most common top-level domains. Every quarter, Verisign publishes a DDoS trends report. While its publication doesn't have the level of detail I heard from the companies I spoke with, the trends are the same: "in Q2 2016, attacks continued to become more frequent, persistent, and complex."

There's more. One company told me about a variety of probing attacks in addition to the DDoS attacks: testing the ability to manipulate Internet addresses and routes, seeing how long it takes the defenders to respond, and so on. Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services.

Who would do this? It doesn't seem like something an activist, criminal, or researcher would do. Profiling core infrastructure is common practice in espionage and intelligence gathering. It's not normal for companies to do that. Furthermore, the size and scale of these probes -- and especially their persistence -- points to state actors. It feels like a nation's military cybercommand trying to calibrate its weaponry in the case of cyberwar. It reminds me of the US's Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities.

What can we do about this? Nothing, really. We don't know where the attacks come from. The data I see suggests China, an assessment shared by the people I spoke with. On the other hand, it's possible to disguise the country of origin for these sorts of attacks. The NSA, which has more surveillance in the Internet backbone than everyone else combined, probably has a better idea, but unless the US decides to make an international incident over this, we won't see any attribution.

But this is happening. And people should know.

This essay previously appeared on Lawfare.com.

EDITED TO ADD: Slashdot thread.

EDITED TO ADD (9/15): Podcast with me on the topic.
Dagny, this is not a battle over material goods. It's a moral crisis, the greatest the world has ever faced and the last. Our age is the climax of centuries of evil. We must put an end to it, once and for all, or perish - we, the men of the mind. It was our own guilt. We produced the wealth of the world - but we let our enemies write its moral code.

Online MilEME09

Re: Cyber attacks/defence/incdents (merged)
« Reply #33 on: September 16, 2016, 01:29:30 »
It's just like the internet has two planes of existence, the mainstream internet as we know it, and then there is the deep, and dark web. There is much online we don't know about, and much to fear about who's lurking in the dark parts of the internet
"We are called a Battalion, Authorized to be company strength, parade as a platoon, Operating as a section"

Offline Thucydides

Re: Cyber attacks/defence/incdents (merged)
« Reply #34 on: October 22, 2016, 13:49:27 »
The massive cyber attack that took down large internet sites on 21 Oct 2016 could well have been a botnet attack from unsecured devices on the "Internet of Things". The question is still "who" is behind this?

http://www.popularmechanics.com/technology/infrastructure/a23504/mirai-botnet-internet-of-things-ddos-attack/

Quote
Hackers Wrecked the Internet Using DVRs and Webcams
Hackers Took Down A Huge Chunk Of The Internet This Morning
By Eric Limer
Oct 21, 2016

The internet has been on shaky footing for the better part of Friday thanks to a large-scale attack on a company that runs a large portion of crucial internet infrastructure. It's still too early to know exactly who is behind the attack, but experts have begun to pin down which devices are doing the bulk of the work. It's not computers, but devices from the so-called Internet of Things. We're talking smart fridges, web cams, and DVRs. It may sound funny, being attacked by refrigerators, but don't laugh. It's actually horrifying.

The current assault against Dyn is one of the simplest in a hacker's playbook. The distributed denial of service attack (DDoS) doesn't require breaking into a target's computers or finding any secret weakness. Instead, it involves simply pummeling them with so much traffic they can't possibly keep up. Hackers executing a DDoS call upon millions of machines under their control and command them to ask the target for so many things all at once that the target all but melts down under the strain.

If you visualize it, it looks a little like this:

Executing a DDoS is simple, but only if you have millions of computers at your disposal. These computers—often known as "zombies"—are machines that have been compromised by some sort of virus or malware. This malware doesn't totally disable the computer, but just sits there waiting for the order to attack a target, as part of a swarm called a botnet.

Building a botnet can be a painstaking process. There are plenty of vulnerable computers in the world, but also plenty of people who take reasonably good care of their trusty phone or laptop, protecting it from infection. However, over the past five years or so, the Internet of Things has introduced millions upon millions of newly internet-connected devices—like DVRs and cameras and smart fridges and thermostats—that hackers can add to their swarms with terrifying ease.

The potential problem has been bubbling up for months, but reached a peak earlier this month when the source code for something called the "Mirai" botnet was released onto the web. Designed to target the Internet of Things specifically, Mirai can scoop up connected devices and add them to a botnet simply by attempting to log into them with their factory-default username and password. Have you changed the password on your smart fridge lately? I thought not.

The Mirai code focuses on all kinds of smart devices including cameras to internet-connected fridges, but its bread and butter is DVRs. Of the nearly 500,000 devices known to be compromised by the Mirai malware, some 80 percent of them are DVRs, according to an in-depth investigation by Level 3 Communications.

These infected DVRs, along with a few thousand other gadgets, can drive ludicrous amounts of traffic. Devices compromised by this malware were responsible for a 620Gbps attack against the security website Krebs on Security in September, the biggest DDoS the world had ever seen, at the time. Reports from the security firm Flashpoint, by way of Brian Krebs, suggest that it is a botnet based on exactly this technology that is responsible for today's outages, and Dyn has since confirmed this suspicion to TechCrunch.

Last month, security researcher Bruce Schneier started sounding the alarm that someone or something was carefully probing the internet for weakness. A scary prospect on its own, and one followed shortly thereafter by the full release of the Mirai code for any ne'er-do-well to use. Today's attack, it would seem, is a confluence of these two events: An attacker who has been carefully surveying the internet for weak points is now openly wielding one of the most capable blunt weapons we've ever seen blast the web.

The most terrifying part: This is probably only the beginning.

edit to add:

http://gizmodo.com/todays-brutal-ddos-attack-is-the-beginning-of-a-bleak-f-1788071976

Quote
Today's Brutal DDoS Attack Is the Beginning of a Bleak Future
William Turton

This morning a ton of websites and services, including Spotify and Twitter, were unreachable because of a distributed denial of service (DDoS) attack on Dyn, a major DNS provider. Details of how the attack happened remain vague, but one thing seems certain. Our internet is frightfully fragile in the face of increasingly sophisticated hacks.

Some think the attack was a political conspiracy, like an attempt to take down the internet so that people wouldn’t be able to read the leaked Clinton emails on Wikileaks. Others think it’s the usual Russian assault. No matter who did it, we should expect incidents like this to get worse in the future. While DDoS attacks used to be a pretty weak threat, we’re entering a new era.

DDoS attacks, at the most basic level, work like this. An attacker sends a flurry of packets, essentially just garbage data, to an intended recipient. In this case, the recipient was Dyn’s DNS servers. The server is overwhelmed with the garbage packets, and can’t handle the incoming connections, eventually slowing down significantly or totally shutting down. In the case of Dyn, it was probably a little more complex than this. Dyn almost certainly has advanced systems for DDoS mitigation, and the people who attacked Dyn (whoever they are) were probably using something more advanced than a PC in their mom’s basement.

Recently, we’ve entered into a new DDoS paradigm. As security blogger Brian Krebs notes, the newfound ability to hijack insecure internet of things devices and turn them into a massive DDoS army has contributed to an uptick in the size and scale of recent DDoS attacks. (We’re not sure if an IoT botnet was what took down Dyn this morning, but it would be a pretty good guess.)

We are nevertheless getting a taste of what the new era of DDoS attacks look like, however. As security expert Bruce Schneier explained in a blog post:

Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don’t know who is doing this, but it feels like a large nation state. China or Russia would be my first guesses.

This sort of attack is deeply different than the headline-grabbing DDoS attacks of years past. In 2011, hacker collective Anonymous rose to fame with DDoS attacks that pale in comparison to today’s attack on Dyn. Instead of taking out an individual website for short periods of time, hackers were able to take down a major piece of the internet backbone for an entire morning—not once but twice. That’s huge.

If hackers are more easily able to amass extensive DDoS botnets, that means the internet as we know it becomes more vulnerable. Attacking major internet infrastructure like Dyn has always been a possibility, but if it becomes easier than ever to launch huge DDoS attacks, that means we might be seeing some of our favorite sites have more downtime than usual. These attacks could extend to other major pieces of internet infrastructure, causing even more widespread outages.

This could be the beginning of a very bleak future. If hackers are able to take down the internet at will, what happens next? It’s unclear how long it could take for the folks at Dyn to fix this problem, or if they will ever be able to solve the problem of being hit with a huge DDoS attack. But this new breed of DDoS attacks is a scary problem no matter how you look at it.

Offline milnews.ca

“The risk of insult is the price of clarity.” -- Roy H. Williams

The words I share here are my own, not those of anyone else or anybody I may be affiliated with.

Tony Prudori
MILNEWS.ca - Twitter

Offline milnews.ca

Re: Cyber attacks/defence/incdents (merged)
« Reply #36 on: June 28, 2017, 07:23:13 »
Statement by CSE on latest attacks ...
Quote
CSE continues to closely monitor the recent global cyber/ransomware attacks. As we have seen in recent attacks, today’s attacks continue to indiscriminately target both organizations and individuals.

Our dynamic cyber defence security systems remain ready to defend Government of Canada systems and help protect against future types of similar attacks.

Working with Shared Services Canada and our other partners, Government of Canada networks continue to be well placed to defend against these types of attacks. Thanks to this work, there is no indication at this time that Government of Canada systems were negatively impacted, and that any information, personal or otherwise, was compromised.

As the situation continues to develop, we remain in close contact with our domestic and international partners ‎to address any developments. In addition, we will ensure all relevant information and guidance that is available to CSE is provided to our partners at Public Safety Canada to relay to the private sector.

As always, CSE would like to use this occasion to remind all Canadians as well as organizations to review and implement our Top 10 IT security actions which will go a long way to protect you or your organization from similar attacks in the future. In addition, please check out this month’s edition of CSE’s Cyber Journal to learn more about ransomware.

Thank you.

Greta Bossenmaier
Chief, Communications Security Establishment

Offline milnews.ca

Re: Cyber attacks/defence/incdents (merged)
« Reply #37 on: June 29, 2017, 10:05:31 »
A possible NATO Article 5?  This from the SecGen at a NATO news conference yesterday ...
Quote
... The cyber attacks we saw in May but also, we have seen this week just underlines the importance of strengthening our cyber defenses, and that’s exactly what NATO is doing. We are implementing our cyber defense pledge which is ensuring that we are strengthening the cyber defenses of both NATO networks but also helping NATO allies to strengthen their cyber defenses. We exercise more, we share best practices and technology and we also work more and more closely with all allies looking into how we can integrate their capabilities, strengthening NATO’s capability to defend our networks. We have also decided that a cyber attack can trigger Article 5 and we have also decided and we are in the process of establishing cyber as a military domain meaning that we will have land, air, sea and cyber as military domains. All of this highlights the advantage of being an alliance of 29 allies because we can work together, strengthen each other and learn from each other ...

Offline milnews.ca

Re: Cyber attacks/defence/incdents (merged)
« Reply #38 on: July 13, 2017, 07:08:35 »
"Mass GPS Spoofing Attack in Black Sea?" ...
Quote
An apparent mass and blatant GPS spoofing attack involving over 20 vessels in the Black Sea last month has navigation experts and maritime executives scratching their heads.

The event first came to public notice via a relatively innocuous safety alert* from the U.S. Maritime Administration:

A maritime incident has been reported in the Black Sea in the vicinity of position 44-15.7N, 037-32.9E on June 22, 2017 at 0710 GMT. This incident has not been confirmed. The nature of the incident is reported as GPS interference. Exercise caution when transiting this area.

But the backstory is way more interesting and disturbing. On June 22 a vessel reported to the U.S. Coast Guard Navigation Center:

GPS equipment unable to obtain GPS signal intermittently since nearing coast of Novorossiysk, Russia. Now displays HDOP 0.8 accuracy within 100m, but given location is actually 25 nautical miles off; GPS display…

After confirming that there were no anomalies with GPS signals, space weather or tests on-going, the Coast Guard advised the master that GPS accuracy in his area should be three meters and advised him to check his software updates.

The master replied:

Thank you for your below answer, nevertheless I confirm my GPS equipment is fine.

We run self test few times and all is working good.

I confirm all ships in the area (more than 20 ships) have the same problem.

I personally contacted three of them via VHF, they confirmed the same.

Sometimes, position is correct, sometimes is not.

GPS sometimes loses position or displays inaccurate position (high HDOP).

For few days, GPS gave a position inland (near Gelendzhik airport) but vessel was actually drifting more than 25 NM from it.

Important: at that time, GPS system considered the position as "Safe within 100m".

See attached.

Then last night, position was correct despite several "lost GPS fixing position" alarm that raised couples seconds only; then signal was back to normal.

Now position is totally wrong again.

See attached pictures that I took on 24 June at 05h45 UTC (30 min ago).

Note: you can also check websites like MarineTraffic and you will probably notice that once in a while all ships in the area are shifting inland next to each other.

I hope this can help.

To back up his report, the master sent photos of his navigation displays, a paper chart showing his actual position and GPS-reported position, and his radar display that showed numerous AIS contacts without corresponding radar returns ...
* - Alert attached.

Offline Thucydides

Re: Cyber attacks/defence/incdents (merged)
« Reply #39 on: July 29, 2017, 17:06:50 »
Doing it the old fashioned way: getting Kompromat on key people to gain access and physically stealing the devices for downloading. Given the connections that Debbie Wasserman-Schultz had to the various unsavoury goings on during the Democrat primaries, outside of access to secret and sensitive materials, it isn't difficult to speculate the case officer (wherever he is) has all kinds of dirt on a lot of the Washington political establishment. No wonder the media seems determined to avoid this story at all costs:

http://www.nationalreview.com/article/449983/debbie-wasserman-schultz-pakistani-computer-guys-bank-fraud

Quote
Debbie Wasserman Schultz and the Pakistani IT Scammers
by ANDREW C. MCCARTHY   July 29, 2017 4:00 AM

There’s more than bank fraud going on here. In Washington, it’s never about what they tell you it’s about. So take this to the bank: The case of Imran Awan, Debbie Wasserman Schultz’s mysterious Pakistani IT guy, is not about bank fraud.

Yet bank fraud was the stated charge on which Awan was arrested at Dulles Airport this week, just as he was trying to flee the United States for Pakistan, via Qatar. That is the same route taken by Awan’s wife, Hina Alvi, in March, when she suddenly fled the country, with three young daughters she yanked out of school, mega-luggage, and $12,400 in cash.

By then, the proceeds of the fraudulent $165,000 loan they’d gotten from the Congressional Federal Credit Union had been sent ahead. It was part of a $283,000 transfer that Awan managed to wire from Capitol Hill. He pulled it off — hilariously, if infuriatingly — by pretending to be his wife in a phone call with the credit union. Told that his proffered reason for the transfer (“funeral arrangements”) wouldn’t fly, “Mrs.” Awan promptly repurposed: Now “she” was “buying property.” Asking no more questions, the credit union wired the money . . . to Pakistan.

As you let all that sink in, consider this: Awan and his family cabal of fraudsters had access for years to the e-mails and other electronic files of members of the House’s Intelligence and Foreign Affairs Committees. It turns out they were accessing members’ computers without their knowledge, transferring files to remote servers, and stealing computer equipment — including hard drives that Awan & Co. smashed to bits of bytes before making tracks.

They were fired in February. All except Awan, that is. He continued in the employ of Wasserman Schultz, the Florida Democrat, former DNC chairwoman, and Clinton crony. She kept him in place at the United States Congress right up until he was nabbed at the airport on Monday.

This is not about bank fraud. The Awan family swindles are plentiful, but they are just window-dressing. This appears to be a real conspiracy, aimed at undermining American national security. At the time of his arrest, the 37-year-old Imran Awan had been working for Democrats as an information technologist for 13 years. He started out with Representative Gregory Meeks (D., N.Y.) in 2004. The next year, he landed on the staff of Wasserman Schultz, who had just been elected to the House. Congressional-staff salaries are modest, in the $40,000 range. For some reason, Awan was paid about four times as much. He also managed to get his wife, Alvi, on the House payroll . . . then his brother, Abid Awan . . . then Abid’s wife, Natalia Sova. The youngest of the clan, Awan’s brother Jamal, came on board in 2014 — the then-20-year-old commanding an annual salary of $160,000.

A few of these arrangements appear to have been sinecures: While some Awans were rarely seen around the office, we now know they were engaged in extensive financial shenanigans away from the Capitol. Nevertheless, the Daily Caller’s Luke Rosiak, who has been all over this story, reports that, for their IT “work,” the Pakistani family has reeled in $4 million from U.S. taxpayers since 2009. That’s just the “legit” dough. The family business evidently dabbles in procurement fraud, too. The Capitol Police and FBI are exploring widespread double-billing for computers, other communication devices, and related equipment.

Why were they paid so much for doing so little? Intriguing as it is, that’s a side issue. A more pressing question is: Why were they given access to highly sensitive government information? Ordinarily, that requires a security clearance, awarded only after a background check that peruses ties to foreign countries, associations with unsavory characters, and vulnerability to blackmail. These characters could not possibly have qualified. Never mind access; it’s hard to fathom how they retained their jobs. The Daily Caller has also discovered that the family, which controlled several properties, was involved in various suspicious mortgage transfers. Abid Awan, while working “full-time” in Congress, ran a curious auto-retail business called “Cars International A” (yes, CIA), through which he was accused of stealing money and merchandise. In 2012, he discharged debts in bankruptcy (while scheming to keep his real-estate holdings). Congressional Democrats hired Abid despite his drunk-driving conviction a month before he started at the House, and they retained him despite his public-drunkenness arrest a month after. Beyond that, he and Imran both committed sundry vehicular offenses. In civil lawsuits, they are accused of life-insurance fraud.

Democrats now say that any access to sensitive information was “unauthorized.” But how hard could it have been to get “unauthorized” access when House Intelligence Committee Dems wanted their staffers to have unbounded access? In 2016, they wrote a letter to an appropriations subcommittee seeking funding so their staffers could obtain “Top Secret — Sensitive Compartmented Information” clearances. TS/SCI is the highest-level security classification.

Awan family members were working for a number of the letter’s signatories. Democratic members, of course, would not make such a request without coordination with leadership. Did I mention that the ranking member on the appropriations subcommittee to whom the letter was addressed was Debbie Wasserman Schultz?

Why has the investigation taken so long? Why so little enforcement action until this week? Why, most of all, were Wasserman Schultz and her fellow Democrats so indulgent of the Awans?

The probe began in late 2016. In short order, the Awans clearly knew they were hot numbers. They started arranging the fraudulent credit-union loan in December, and the $283,000 wire transfer occurred on January 18. In early February, House security services informed representatives that the Awans were suspects in a criminal investigation. At some point, investigators found stolen equipment stashed in the Rayburn House Office Building, including a laptop that appears to belong to Wasserman Schultz and that Imran was using. Although the Awans were banned from the Capitol computer network, not only did Wasserman Schultz keep Imran on staff for several additional months, but Meeks retained Alvi until February 28 — five days before she skedaddled to Lahore.

Strange thing about that: On March 5, the FBI (along with the Capitol Police) got to Dulles Airport in time to stop Alvi before she embarked. It was discovered that she was carrying $12,400 in cash. As I pointed out this week, it is a felony to export more than $10,000 in currency from the U.S. without filing a currency transportation report. It seems certain that Alvi did not file one: In connection with her husband’s arrest this week, the FBI submitted to the court a complaint affidavit that describes Alvi’s flight but makes no mention of a currency transportation report. Yet far from making an arrest, agents permitted her to board the plane and leave the country, notwithstanding their stated belief that she has no intention of returning.

Many congressional staffers are convinced that they’d long ago have been in handcuffs if they pulled what the Awans are suspected of. Nevertheless, no arrests were made when the scandal became public in February. For months, Imran has been strolling around the Capitol. In the interim, Wasserman Schultz has been battling investigators: demanding the return of her laptop, invoking a constitutional privilege (under the speech-and-debate clause) to impede agents from searching it, and threatening the Capitol Police with “consequences” if they don’t relent. Only last week, according to Fox News, did she finally signal willingness to drop objections to a scan of the laptop by federal investigators.

Her stridency in obstructing the investigation has been jarring. As evidence has mounted, the scores of Democrats for whom the Awans worked have expressed no alarm. Instead, we’ve heard slanderous suspicions that the investigation is a product of — all together now — “Islamophobia.” But Samina Gilani, the Awan brothers’ stepmother, begs to differ. Gilani complained to Virginia police that the Awans secretly bugged her home and then used the recordings to blackmail her. She averred in court documents that she was pressured to surrender cash she had stored in Pakistan. Imran claimed to be “very powerful” — so powerful he could order her family members kidnapped.

We don’t know if these allegations are true, but they are disturbing. The Awans have had the opportunity to acquire communications and other information that could prove embarrassing, or worse, especially for the pols who hired them. Did the swindling staffers compromise members of Congress? Does blackmail explain why they were able to go unscathed for so long? And as for that sensitive information, did the Awans send American secrets, along with those hundreds of thousands of American dollars, to Pakistan? This is no run-of-the-mill bank-fraud case.
Dagny, this is not a battle over material goods. It's a moral crisis, the greatest the world has ever faced and the last. Our age is the climax of centuries of evil. We must put an end to it, once and for all, or perish - we, the men of the mind. It was our own guilt. We produced the wealth of the world - but we let our enemies write its moral code.

Offline milnews.ca

  • Info Curator, Baker & Food Slut
  • Directing Staff
  • Army.ca Relic
  • *
  • 397,175
  • Rate Post
  • Posts: 21,186
    • MILNEWS.ca-Military News for Canadians
Re: Cyber attacks/defence/incdents (merged)
« Reply #40 on: July 29, 2017, 18:37:32 »
At a more tactical level ...
Quote
Allies to hold training against N. Korea GPS attacks
Yonhap News Agency
2017/07/30 07:00


SEOUL, July 30 (Yonhap) -- South Korea and the United States plan to hold a joint military drill next month against a possible North Korean war operation to jam GPS signals, officials here said Sunday.

The practice will be staged as part of the Ulchi-Freedom Guardian (UFG), an annual combined defense exercise between the allies, aimed at improving their ability to locate and strike the origin of the North's wartime GPS attacks.

"A South Korea-U.S. joint team will be formed at the Korean Air and Space Operations Center headquartered at the Osan Air Base during the UFG in August for the exercise to respond to various scenarios," an Air Force official said.

Taking part in the task will be more than 60 officials from South Korea's Air Force and the U.S. Strategic Command's Joint Space Operations Center (JSpOC), he added ...
More @ link
“The risk of insult is the price of clarity.” -- Roy H. Williams

The words I share here are my own, not those of anyone else or anybody I may be affiliated with.

Tony Prudori
MILNEWS.ca - Twitter

Offline milnews.ca

Re: Cyber attacks/defence/incdents (merged)
« Reply #41 on: August 08, 2017, 07:37:40 »
A bit of Canada's contribution to the fight - shared under the Fair Dealing provisions of the Copyright Act (R.S.C., 1985, c. C-42) ......
Quote
White House Says Russia’s Hackers Are Too Good to Be Caught but NSA Partner (Canada) Called Them “Morons”
Sam Biddle, The Intercept
August 2 2017, 1:07 p.m.


The hackers behind the dump of Democratic Party emails in the midst of last year’s presidential race left apparent evidence of their identity — a breadcrumb trail winding from the stolen files back to the Russian government, according to assessments from the U.S. intelligence community. Some of this evidence was there from the beginning, embedded inside the first documents to hit the web, raising a niggling question: Why would diabolically skilled Russian operatives operate so sloppily?

This question has persisted, and last week the White House seized upon it, promulgating the idea that if the Russian government were really behind the attacks, its online agents wouldn’t have left any fingerprints. Russia quickly repeated this claim through its UK embassy.

But a 2011 presentation to the NSA and its foreign partners by Canada’s signals intelligence agency, the Communications Security Establishment, undermines the notion of a foreign hacker so skilled that a victim would never know their identity. The document calls Russian hackers “morons” for routinely compromising the security of a “really well designed” system intended to cover their tracks; for example, the hackers logged into their personal social and email accounts through the same anonymizing system used to attack their targets, comparable to getting an anonymous burner phone for illicit use and then placing calls to your girlfriend, parents, and roommate.



The competence of Russian hackers became a prominent issue once more last Sunday, when the president’s communications director Anthony Scaramucci — since removed from his post but quoting the president directly — said the following to Jake Tapper on CNN:

Quote
    “Somebody said to me yesterday, uh, I won’t tell you who, that if the Russians actually hacked this situation and actually spilled out those emails, you would have never seen it, you would have never had any evidence of them, meaning they’re super confident in their deception skills and hacking.”

Seconds later, Scaramucci revealed his anonymous technical source on the matter to have been Donald Trump himself.

It’s one thing to question circumstantial evidence based on the expectation that Russian agents are too competent to leave such clues behind. But ruling out Russia on the basis of unforced errors alone flies in the face of the intelligence community’s experience with online operators from that country.

The CSE presentation, provided by NSA whistleblower Edward Snowden, dates to no earlier than 2011, and describes the agency’s work tracking a set of Russian government-sponsored hackers codenamed MAKERSMARK. The MAKERSMARK team was believed by NSA “with a high level of confidence” to be sponsored by a Russian intelligence agency, according to a separate Snowden document originating with the NSA’s Special Source Operations division. The MAKERSMARK team was armed with a clever technical system to mask members’ identities and the location of their computers, thus (on paper, at least) making it less likely the attacks would be traced back to Russia.

CSE’s account of the Russian actors does not exactly jibe with the White House’s vision of ninja-like computer users. The agency presentation, prepared by a “cyber counter intelligence” agent focused on MAKERSMARK, highlights Russian hackers’ “misuse of operational infrastructure” and “poor OPSEC [operational security] practices,” both of which made it elementary for the Canadians to trace attacks back to their source. The document says Russian hackers were provided with “really well designed” systems with which to launch attacks, but because the execution was so shoddy, “this has not translated into security for MAKERSMARK operators.”



Put more bluntly, the Russian attacks CSE observed were “designed by geniuses” but “implemented by morons,” according to the presentation. MAKERSMARK hackers mixed their recreational internet habits with business, using “personal social networking” like Russia’s supremely popular Vkontakte from MAKERSMARK infrastructure, conducting personal web browsing there, and checking personal webmail accounts. The hackers also used the system for activities that are by definition deeply risky and “attributable,” like exfiltrating stolen data.

“This is not [computer network exploitation] best practices,” the report dryly concludes.

It didn’t help that the MAKERSMARK operators were, according to the presentation, infected by the “Gumblar” botnet that spread across the internet in 2009 in order to steal user credentials, covertly download further malware, and blast “pharmaceutical spam” to new victims. In other words, the hackers were hacked. So thoroughly did Russian hackers on MAKERSMARK expose themselves through sloppiness and poor judgment that Canadian analysts were able to detect their personal “interests” and “hobbies.”

CSE declined to comment on the document, other than to note that, “the document you referenced is dated and should not be considered reflective of the current reality.” Despite this claim, the agency asked The Intercept to redact a significant portion of the presentation on the grounds that it could jeopardize current operations. As well, it’s interesting and worth noting, however, that a 2017 NSA document previously published by The Intercept detailing Russia’s General Staff Main Intelligence Directorate’s (GRU) alleged attempts to infiltrate the American electoral system also flagged those hackers’ mixing of business and personal accounts while conducting their work. A 2016 joint report by the Department of Homeland Security and FBI claimed that GRU and FSB, the contemporary successor to the KGB, worked together to breach the DNC. The NSA did not comment.

All of this is to say that the commander-in-chief, privy to the full corpus of intelligence findings provided by the NSA and its allies in the “Five Eyes” intelligence-sharing alliance, including Canada, didn’t know what he was talking about. This isn’t new: One need only look back to the presidential debate wherein Trump famously remarked that the DNC perpetrator could be a bedridden “400-pound” hacker to know that he hasn’t ever taken this seriously. It’s also possible, given how fantastically impressionable Trump is, that the Too Good to Fail theory is based on something he heard recently — perhaps from Vladimir Putin himself, who in June speculated that the DNC hacker could’ve easily covered their tracks. No matter what, if he had any desire to actually know how sophisticated Russian state hackers are or have been in the past, the evidence is there for him to review.
+300

Offline milnews.ca

Re: Cyber attacks/defence/incdents (merged)
« Reply #42 on: August 12, 2017, 12:00:05 »
"Mass GPS Spoofing Attack in Black Sea?" ...* - Alert attached.
A bit more on that from newscientist.com ...
Quote
Reports of satellite navigation problems in the Black Sea suggest that Russia may be testing a new system for spoofing GPS, New Scientist has learned. This could be the first hint of a new form of electronic warfare available to everyone from rogue nation states to petty criminals.

On 22 June, the US Maritime Administration filed a seemingly bland incident report. The master of a ship off the Russian port of Novorossiysk had discovered his GPS put him in the wrong spot – more than 32 kilometres inland, at Gelendzhik Airport.

After checking the navigation equipment was working properly, the captain contacted other nearby ships. Their AIS traces – signals from the automatic identification system used to track vessels – placed them all at the same airport. At least 20 ships were affected.

While the incident is not yet confirmed, experts think this is the first documented use of GPS misdirection – a spoofing attack that has long been warned of but never been seen in the wild.

Until now, the biggest worry for GPS has been it can be jammed by masking the GPS satellite signal with noise. While this can cause chaos, it is also easy to detect. GPS receivers sound an alarm when they lose the signal due to jamming. Spoofing is more insidious: a false signal from a ground station simply confuses a satellite receiver. “Jamming just causes the receiver to die, spoofing causes the receiver to lie,” says consultant David Last, former president of the UK’s Royal Institute of Navigation ...
More @ link

Offline Chris Pook

  • Army.ca Subscriber
  • Army.ca Legend
  • *
  • 184,700
  • Rate Post
  • Posts: 11,813
  • Wha daur say Mass in ma lug!
Re: Cyber attacks/defence/incdents (merged)
« Reply #43 on: August 16, 2017, 11:13:27 »
From Salon - commenting on an article published in The Nation.

http://www.salon.com/2017/08/15/what-if-the-dnc-russian-hack-was-really-a-leak-after-all-a-new-report-raises-questions-media-and-democrats-would-rather-ignore/

Quote
TUESDAY, AUG 15, 2017 05:00 AM MST
What if the DNC Russian “hack” was really a leak after all? A new report raises questions media and Democrats would rather ignore
A group of intelligence pros and forensic investigators tell The Nation there was no hack— the media ignores it

DANIELLE RYAN

 
Last week the respected left-liberal magazine The Nation published an explosive article that details in great depth the findings of a new report — authored in large part by former U.S. intelligence officers — which claims to present forensic evidence that the Democratic National Committee was not hacked by the Russians in July 2016. Instead, the report alleges, the DNC suffered an insider leak, conducted in the Eastern time zone of the United States by someone with physical access to a DNC computer.

This report also claims there is no apparent evidence that the hacker known as Guccifer 2.0 — supposedly based in Romania — hacked the DNC on behalf of the Russian government. There is also no evidence, the report’s authors say, that Guccifer handed documents over to WikiLeaks. Instead, the report says that the evidence and timeline of events suggests that Guccifer may have been conjured up in an attempt to deflect from the embarrassing information about Hillary Clinton’s presidential campaign that was released just before the Democratic National Convention. The investigators found that some of the “Guccifer” files had been deliberately altered by copying and pasting the text into a “Russianified” word-processing document with Russian-language settings.

If all this is true, these findings would constitute a massive embarrassment for not only the DNC itself but the media, which has breathlessly pushed the Russian hacking narrative for an entire year, almost without question but with little solid evidence to back it up.

You could easily be forgiven for not having heard about this latest development — because, perhaps to avoid potential embarrassment, the media has completely ignored it. Instead, to this point only a few right-wing sites have seen fit to publish follow-ups.

The original piece, authored by former Salon columnist Patrick Lawrence (also known as Patrick L. Smith) appeared in The Nation on Aug. 9. The findings it details are supported by a group of strongly credentialed and well-respected forensic investigators and former NSA and CIA officials. The group call themselves Veteran Intelligence Professionals for Sanity, or VIPS, and originally came together in 2003 to protest the use of faulty intelligence to justify the invasion of Iraq under President George W. Bush.

As of Aug. 12, the only well-known publications that have followed up on The Nation’s reporting are Breitbart News, the Washington Examiner and New York magazine (which described Lawrence’s article as “too incoherent to even debunk,” and therefore provided no substantial rebuttal). Bloomberg addressed the report in an op-ed by one of its regular columnists.

The silence from mainstream outlets on this is interesting, if for no other reason than the information appears in a highly-regarded liberal magazine with a reputation for vigorous and thorough reporting — not some right-wing fringe conspiracy outlet carrying water for Donald Trump.


Maybe the logic goes that if mainstream journalists leave this untouched, that alone will be enough to discredit it. True believers in the Russian hack narrative can point to Breitbart’s coverage to dismiss this new information without consideration. That is not good enough. Lawrence’s article, and the report behind it, deserves some proper attention.

Let’s back up for a second. Where did this report come from?

As explained by Lawrence, VIPS has been examining available information about the DNC hack and/or leak, but the group lacked access to all the data they needed because intelligence agencies refused to provide it.

One of the VIPS researchers on the DNC case, William Binney — formerly the NSA’s technical director for world geopolitical and military analysis — suggested in an interview with Lawrence that intelligence agencies have been hiding the lack of evidence for Russian hacking behind the claim that they must maintain secrecy to protect NSA programs.

At the same time, other anonymous forensic investigators have been working independently on the DNC case. They recently began sharing their findings via an obscure website called Disobedient Media. One of those anonymous investigators is known as the Forensicator. A man named Skip Folden, an IT executive at IBM for 33 years and a consultant for the FBI, Pentagon and Justice Department, acted as a liaison between VIPS and the Forensicator. Folden and other investigators have examined the evidence, attested to its professionalism, and sent a detailed technical report to the offices of special counsel Robert Mueller and Attorney General Jeff Sessions. VIPS believes this new evidence fills a “critical gap” in the DNC case. In a memorandum sent to President Trump, VIPS questions why the FBI, CIA and NSA neglected to perform any forensic analysis of the Guccifer documents, which were central to the narrative of Russian hacking.

VIPS states two things with what they describe as a high degree of certainty: There was no Russian hack on July 5, and the metadata from Guccifer’s June 15 document release was “synthetically tainted” with “Russian fingerprints.”

How did the group come to the conclusion that it was a leak, not a hack?

Investigators found that 1,976 megabytes of data were downloaded locally on July 5, 2016. The information was downloaded with a memory key or some other portable storage device. The download operation took 87 seconds — meaning the speed of transfer was 22.7 megabytes per second — “a speed that far exceeds an internet capability for a remote hack,” as Lawrence puts it. What’s more, they say, a transoceanic transfer would have been even slower (Guccifer claimed to be working from Romania).

“Based on the data we now have, what we’ve been calling a hack is impossible,” Folden told The Nation.

Further casting doubt on the official narrative is the fact that the DNC’s computer servers were never examined by the FBI. Instead, the agency relied on a report compiled by Crowdstrike, a cybersecurity firm compromised by serious conflicts of interest — the major one being that the firm was paid by the DNC itself to conduct its work. Another is that the firm’s owner is a senior fellow at the Atlantic Council, a think tank known for its hostility toward Russia.

 

The Intelligence Community Assessment published in January of this year, which claims “high confidence” in the Russian hacking theory, presented no hard evidence. Yet many in the media have relied on it as proof ever since. Ray McGovern, another VIPS member and formerly the chief of the CIA’s Soviet Foreign Policy Branch, called that intelligence assessment a “disgrace” to the profession.

The VIPS report also notes that the timing of events is strangely favorable to Hillary Clinton. It is hard to disagree.

On June 12, 2016, Julian Assange announced that he would publish documents related to Clinton’s campaign on WikiLeaks. Two days later, Crowdstrike, the firm paid by the DNC, suddenly announced the discovery of malware on DNC servers and claimed it had evidence that the Russians were responsible for it. This set in motion the narrative for Russian hacking.

A day after that, Guccifer appeared, took responsibility for the purported June 14 hack and announced that he was a WikiLeaks source, working on behalf of Russia. He then posted the documents which VIPS now claims were altered to make them appear more “Russian.”

On July 5, two weeks later, Guccifer claimed responsibility for another hack — which the VIPS report categorically states can only have been a leak, based on the speed of data transfer.

As Lawrence suggests, this timing was convenient for the Clinton campaign, which could avoid dealing with the contents of the leaks by instead focusing on the sensational story of Russian hacking.

Since we’ve covered what is in the VIPS report, it is equally important to note what this report does not do. It does not claim to know who the leaker was or what his or her motives were. Lawrence is also careful to note that these findings do not prove or disprove any other theories implicating Russia in the 2016 election (such as possible Russian connections to Donald Trump’s family and associates, etc.). This deals purely with the facts surrounding the DNC hack/leak last summer.

Many who have questioned the official version of events have sought to link the murder of Seth Rich to the theory that the DNC suffered a leak, not a hack. Rich, a 27-year-old DNC employee, was shot twice in the back as he walked home from a bar in Washington, five days after the supposed July 5 hack of the DNC’s servers.

Numerous unproven theories have surrounded Rich’s murder. There are those who suggest that Rich had been angered by the DNC’s treatment of Bernie Sanders, decided to leak information which would be damaging to Clinton’s campaign, and was then murdered by Democratic operatives. Others have claimed that perhaps Rich had found evidence of Russian hacking and was murdered by Russian operatives.

There is no evidence for any of these theories — and neither VIPS nor Lawrence in his article attempt to link Rich’s murder to the hack/leak of information from the DNC. (Washington police have said since the night of Rich’s death that he was the victim of an armed robbery attempt that went wrong.) Nonetheless, the emergence of this information may lend credence to those theories for those who want to believe them.

Instead of subjecting the various accounts of what happened last summer to rigorous scrutiny, the media instantly accepted the narrative promoted by the Clinton campaign and U.S. intelligence agencies. It has continued to do so ever since. Now, as new information comes to light, the media has largely acted as if it did not exist.

For the media and mainstream liberals to dismiss the information presented in Lawrence’s article as lacking in evidence would be breathtakingly ironic, given how little evidence they required to build a narrative to suit themselves and absolve Clinton of any responsibility for losing the election.

The authors of this report are highly experienced and well-regarded professionals. That they can be dismissed out of hand or ignored entirely is a sad commentary on the state of the media, which purports to be concerned by the plague of “fake news.”

If these new findings are accurate, those who pushed the Russia hacking narrative with little evidence have a lot to answer for. The Clinton campaign promoted a narrative that has pushed U.S.-Russia relations to the brink at an incredibly dangerous time.

Unlike the cacophony of anonymous sources cited by the media over the past year, these experts are ready to put their names to their assertions. They expect that pundits, politicians and the media will cast doubt on their findings, but say they are “prepared to answer any substantive challenges on their merits.” That is more than any other investigators or intelligence agencies have offered to this point.

Given the seriousness of this new information, the DNC’s official response to The Nation’s story is so lackluster it is almost laughable:

U.S. intelligence agencies have concluded the Russian government hacked the DNC in an attempt to interfere in the election. Any suggestion otherwise is false and is just another conspiracy theory like those pushed by Trump and his administration. It’s unfortunate that The Nation has decided to join the conspiracy theorists to push this narrative.

The clear implication here is that anyone who questions what U.S. intelligence agencies “have concluded” is a conspiracy theorist pushing lies on behalf of Trump or Vladimir Putin. It is clear that the DNC expect the matter to be left at that, with no further inquiry from the media or anyone else.

By the looks of things, that’s exactly what will happen.

 

 

 

Danielle Ryan is an Irish freelance journalist, writing mostly on geopolitics and media. She is based in Budapest, but has also lived in the U.S., Germany and Russia. Follow her on Twitter.
"Wyrd bið ful aræd"

Offline milnews.ca

Re: Cyber attacks/defence/incdents (merged)
« Reply #44 on: August 17, 2017, 16:49:20 »
More on what looks like a UKR link to the Russian hacking (hint:  don't take any tea or soup from any Russians, buddy) ...
Quote
In Ukraine, a Malware Expert Who Could Blow the Whistle on Russian Hacking
By ANDREW E. KRAMER and ANDREW HIGGINS, NY Times, AUG. 16, 2017

 The hacker, known only by his online alias “Profexer,” kept a low profile. He wrote computer code alone in an apartment and quietly sold his handiwork on the anonymous portion of the internet known as the dark web. Last winter, he suddenly went dark entirely.

Profexer’s posts, already accessible only to a small band of fellow hackers and cybercriminals looking for software tips, blinked out in January — just days after American intelligence agencies publicly identified a program he had written as one tool used in Russian hacking in the United States. American intelligence agencies have determined Russian hackers were behind the electronic break-in of the Democratic National Committee.

But while Profexer’s online persona vanished, a flesh-and-blood person has emerged: a fearful man who the Ukrainian police said turned himself in early this year, and has now become a witness for the F.B.I.

“I don’t know what will happen,” he wrote in one of his last messages posted on a restricted-access website before going to the police. “It won’t be pleasant. But I’m still alive.”

It is the first known instance of a living witness emerging from the arid mass of technical detail that has so far shaped the investigation into the election hacking and the heated debate it has stirred. The Ukrainian police declined to divulge the man’s name or other details, other than that he is living in Ukraine and has not been arrested.

There is no evidence that Profexer worked, at least knowingly, for Russia’s intelligence services, but his malware apparently did.

That a hacking operation that Washington is convinced was orchestrated by Moscow would obtain malware from a source in Ukraine — perhaps the Kremlin’s most bitter enemy — sheds considerable light on the Russian security services’ modus operandi in what Western intelligence agencies say is their clandestine cyberwar against the United States and Europe.

It does not suggest a compact team of government employees who write all their own code and carry out attacks during office hours in Moscow or St. Petersburg, but rather a far looser enterprise that draws on talent and hacking tools wherever they can be found.

Also emerging from Ukraine is a sharper picture of what the United States believes is a Russian government hacking group known as Advanced Persistent Threat 28 or Fancy Bear. It is this group, which American intelligence agencies believe is operated by Russian military intelligence, that has been blamed, along with a second Russian outfit known as Cozy Bear, for the D.N.C. intrusion ...
More @ link
“The risk of insult is the price of clarity.” -- Roy H. Williams

The words I share here are my own, not those of anyone else or anybody I may be affiliated with.

Tony Prudori
MILNEWS.ca - Twitter

Offline MarkOttawa

  • Army.ca Fixture
  • *****
  • 53,710
  • Rate Post
  • Posts: 5,506
  • Two birthdays
    • Currently posting at Canadian Defence & Foreign Affairs Institute's "3Ds Blog"
Re: Cyber attacks/defence/incdents (merged)
« Reply #45 on: August 17, 2017, 19:17:07 »
Canadian Forces...

Quote
Communications and Electronics Association Cyber Symposium...proud to announce the first annual Cyber Symposium.  The objective of the symposium is to bring together leading cyber experts to explore a wide range of topics in this dynamic field...Date: 26 October 2017
Location: Residence Inn, Kingston, Ontario
Theme: ‘Cyber – Government, Academia, Industry – Our Collective Challenge and Opportunity’...

The Association has approached a number of individuals to provide keynote addresses and to act as moderators or panelists.  Invited speakers include Mr. Richard Fadden (confirmed) – former Director of CSIS and Deputy Minister of National Defence, General Jonathan Vance (confirmed) – Chief of the Defence Staff, a representative from US Cyber Command and CEOs from the Council of Canadian Innovators.  The Theme for the Symposium is ‘Cyber – Government, Academia, Industry – Our Collective Challenge and Opportunity’.  Invited speakers along with others will cover topic areas such as:

    Cyber Security – A National Security Perspective
    The Role of Canada’s Military in Cyber Operations
    Cyber within Coalition Operations
    The Role of DND/CAF and Industry in Driving Cyber Innovation in Canada (An Industry Perspective)
    The New Security Legislation and Oversight Framework and Its Impact on Cyber Operations
    The Recruitment/Training Challenge for Cyber Organizations
...
https://cmcen.ca/cyber-symposium-oct-2017/

Mark
Ottawa
Ça explique, mais ça n'excuse pas.