The same FBI that read 650,000 emails in 5 days and determined no crimes happened. There is more honesty from a Nigerian email from a Prince.

Quoted:
According to earlier government reports of attacks of sufficient sophistication against Hillary's server, such evidence might not have been evident due to the lax security of the various systems.

You're comparing two different animals. There was a lack of forensic evidence recovered from the Clinton server due to the fact that the server had been wiped (in some degree of a forensically-sound manner). The DNC server breach was caught "in the act" and there would have been plenty of evidence found in the hard drive disk images (or VMs), along with the server RAM and various log files. Apples and oranges. An "insider" would have left plenty of forensic evidence of his/her actions. (Hint: Deleting some, or even all of that evidence would have left additional evidence... the people that investigate these cases aren't dummies.) You've also got to explain how Rich turned into some uber-hacker that left no trace of him elevating his privileges and then exfiltrating the data, and why there was evidence of two Russian APT groups inside the network... but that it totally wasn't the Russians that stole the data.

This is what passes for attribution these days? Or at least what they think is enough to convince outsiders of attribution? Poor play.

The Russians must be all thumbs when it comes to hacking if they left enough of a bread trail to be discovered.
Or, someone else is smart enough to make the bread trail lead to the Russians' door, maybe the Russians paid them to do it. Or, we are all pretty dumb to believe that only one entity hacked the Democrats and threw their dirty laundry into the streets for all to see. If the Russians really did it then they wanted Obama to know they did it. Putin should send a bill to the American media for doing their job for them.

Quoted:
Your views on cyber crime and exploitation are dated.

And yours are quite biased. You base all of your statements on reports PAID for by the DNC. Read this for the complete picture into why neither Crowdstrike, Fireeye, Secureworks et al. are not the definitive source of evidence. Largely, because they themselves cannot say beyond a doubt.

CrowdStrike’s frequently cited findings of Russian responsibility were essentially paid for by the DNC, which contracted its services in June. It’s highly unusual for evidence of a crime to be assembled on the victim’s dime.

CrowdStrike, whose claims of Russian responsibility are perhaps most influential throughout the media, says APT 28/Fancy Bear “is known for its technique of registering domains that closely resemble domains of legitimate organizations they plan to target.” But this isn’t a Russian technique any more than using a computer is a Russian technique — misspelled domains are a cornerstone of phishing attacks all over the world. Is Yandex — the Russian equivalent of Google — some sort of giveaway? Anyone who claimed a hacker must be a CIA agent because they used a Gmail account would be laughed off the internet.

Consider the fact that CrowdStrike describes APT 28 and 29 like this:

Their tradecraft is superb, operational security second to none and the extensive usage of “living-off-the-land” techniques enables them to easily bypass many security solutions they encounter. In particular, we identified advanced methods consistent with nation-state level capabilities including deliberate targeting and “access management” tradecraft — both groups were constantly going back into the environment to change out their implants, modify persistent methods, move to new Command & Control channels and perform other tasks to try to stay ahead of being detected.

Compare that description to CrowdStrike’s claim it was able to finger APT 28 and 29, described above as digital spies par excellence, because they were so incredibly sloppy. Would a group whose “tradecraft is superb” with “operational security second to none” really leave behind the name of a Soviet spy chief imprinted on a document it sent to American journalists? Would these groups really be dumb enough to leave cyrillic comments on these documents? Would these groups that “constantly [go] back into the environment to change out their implants, modify persistent methods, move to new Command & Control channels” get caught because they precisely didn’t make sure not to use IP addresses they’d been associated before? It’s very hard to buy the argument that the Democrats were hacked by one of the most sophisticated, diabolical foreign intelligence services in history, and that we know this because they screwed up over and over again. Even the claim that APT 28/Fancy Bear itself is a group working for the Kremlin is speculative, a fact that’s been completely erased from this year’s discourse. In its 2014 reveal of the group, the high-profile security firm FireEye couldn’t even blame Russia without a question mark in the headline: “APT28: A Window into Russia’s Cyber Espionage Operations?” The blog post itself is remarkably similar to arguments about the DNC hack: technical but still largely speculative, presenting evidence the company “[believes] indicate a government sponsor based in Moscow.” Believe! Indicate! We should know already this is no smoking gun. 
FireEye’s argument that the malware used by APT 28 is connected to the Russian government is based on the belief that its “developers are Russian language speakers operating during business hours that are consistent with the time zone of Russia’s major cities.” As security researcher Jeffrey Carr pointed out in June, FireEye’s 2014 report on APT 28 is questionable from the start: To my surprise, the report’s authors declared that they deliberately excluded evidence that didn’t support their judgment that the Russian government was responsible for APT28’s activities: “APT28 has targeted a variety of organizations that fall outside of the three themes we highlighted above. However, we are not profiling all of APT28’s targets with the same detail because they are not particularly indicative of a specific sponsor’s interests.” (emphasis added) That is the very definition of confirmation bias. Had FireEye published a detailed picture of APT28’s activities including all of their known targets, other theories regarding this group could have emerged; for example, that the malware developers and the operators of that malware were not the same or even necessarily affiliated. The notion that APT 28 has a narrow focus on American political targets is undermined in another SecureWorks paper, which shows that the hackers have a wide variety of interests: 10 percent of their targets are NGOs, 22 percent are journalists, 4 percent are aerospace researchers, and 8 percent are “government supply chain.” SecureWorks says that only 8 percent of APT 28/Fancy Bear’s targets are “government personnel” of any nationality — hardly the focused agenda described by CrowdStrike. At the very best it can only prove that the actor that perpetrated the attack is very likely located in Russia. 
As for government involvement, it can only speculate that it is plausible because of context and political motivations, as well as technical connections with previous (or following attacks) that appear to be perpetrated by the same group and that corroborate the analysis that it is a Russian state-sponsored actor (for example, hacking of institutions of other countries Russia has some geopolitical interests in).

What we’re looking at now is the distinct possibility that the United States will consider military retaliation (digital or otherwise) against Russia, based on nothing but private sector consultants and secret intelligence agency notes. If you care about the country enough to be angry at the prospect of election-meddling, you should be terrified of the prospect of military tensions with Russia based on hidden evidence.

A governmental disclosure like this is also not entirely without precedent: In 2014, the Department of Justice produced a 56-page indictment detailing their exact evidence against a team of Chinese hackers working for the People’s Liberation Army, accused of stealing American trade secrets; each member was accused by name. The 2014 trade secret theft was a crime of much lower magnitude than election meddling, but what the DOJ furnished is what we should demand today from our country’s spies.

Quoted:
Quoted:
Your views on cyber crime and exploitation are dated.
And yours are quite biased. You base all of your statements on reports PAID for by the DNC. Read this for the complete picture into why neither Crowdstrike, Fireeye, Secureworks et al. are not the definitive source of evidence. Largely, because they themselves cannot say beyond a doubt. CrowdStrike’s frequently cited findings of Russian responsibility were essentially paid for by the DNC, which contracted its services in June. It’s highly unusual for evidence of a crime to be assembled on the victim’s dime.

They paid them for work they did? How sinister.

Quoted:
http://thehill.com/policy/national-security/312132-fbi-dhs-release-report-on-russia-hacking Is this a joke? There are 2 pages of 13 saying the hacks happened and when, then they say the Russians did it, and then 8 pages of generic hacking techniques and general practices to avoid. Probably cut and pasted from a 101 intro lecture on cyber security. It's not working. I am not infuriated at the Russians for hacking the DNC and Podesta and passing the results to the press. I didn't vote for Hillary and I am glad someone did hack and allow the truth to get out on the skulduggery that the DNC had going on. I don't even think this angers the idiots who were manipulated by the massive sums of money spent to influence their views by large financial players and the massive false news campaigns led by CNN, MSNBC, to push false accusations of groping and sexual assault. According to the narrative, anyone who pulls back the curtain on the Great and Powerful Oz is an enemy of the state and threat to national security. Where is Julian Assange today?

Actually, he was on the Hannity radio show today. I tuned in by accident because that's what was on when I got in the truck. eta speling is for doaps.

Quoted:
He just copy/pastes long nonsensical GRU-talking points. It's almost 2 AM in Moscow right now so I assume he's working the night shift. Da tovarich?

Can refute the words so attack the messenger? How libtarded of you. DU is waiting. They all agree with your BS over there.

Quoted:
Can refute the words so attack the messenger? How libtarded of you. DU is waiting. They all agree with your BS over there.

You don't even understand what you're copy and pasting. Why would I bother engaging you in any sort of discussion? You're obviously going to ignore any evidence that is presented that doesn't fit your (limited) worldview. The last time I was in Moscow I went to this high-end shopping mall that's right off Red Square. I forget the name, but it's just across the square from Lenin's tomb. They had a great coffee shop there that sold these little pastries that were like little cookie tubes filled with chocolate. Really good. The next time you're over in that part of town (I know Lubyanka is a few blocks from there), you should check it out. Thank me later.

Quoted:
-- SNIP --

I base my statements on years of experience to include dealing with data involving APTs. Assuming that the results of a contracted data systems analysis will invariably result in the outcome desired by the contracting organization is the very definition of bias. Multiple entities, public and private, have reviewed the data and generally come to the same conclusion. You've touched on most of the important bits but whiffed on the conclusion because you are wrapped up in myopic faux outrage because the Democrats are behind this rather than the Republicans.

Even if this report proves the Russians did hack Podesta... Does it prove that others did not?
Does the report prove that the hackers were working for the Russian government when they did it? Or just that they had previously worked for the Russian gov? Any proof the hackers gave the info to the Russian gov, and the Russian gov then provided it to Wikileaks? None of this shit would pass the slightest scrutiny of a court, or any intelligent person.

Fuck them.
I fart in their general direction. Blaming the Russians for the outcome of the election is like blaming the kids for telling you the dog shit on the rug in the living room. It's still the dog's actions that got him in trouble, not the kids' fault for exposing the crime.

Quoted:
You don't even understand what you're copy and pasting. Why would I bother engaging you in any sort of discussion? You're obviously going to ignore any evidence that is presented that doesn't fit your (limited) worldview. The last time I was in Moscow I went to this high-end shopping mall that's right off Red Square. I forget the name, but it's just across the square from Lenin's tomb. They had a great coffee shop there that sold these little pastries that were like little cookie tubes filled with chocolate. Really good. The next time you're over in that part of town (I know Lubyanka is a few blocks from there), you should check it out. Thank me later.

It is you who doesn't actually understand the entire thing. What evidence are you going to present? Crowdstrike? I just smashed that to bits with my copy and paste. Fireeye? Same with them. Your worldview is that "WaPo told me so it's true", or Incompetent private organizations (DNC and Podesta) click on phishing links so it HAS TO BE THE RUSSIAN Gov't. Even the Rolling Stone is rolling its eyes at this narrative and they know fake news. And once again, you can't refute a single word so you go full retard with the cute little Lubyanka shit. FYI, You can get those little pastries that were like little cookie tubes filled with chocolate at the local supermarket in anytown USA. Since your only reference to them is in a coffee shop in Red Square, perhaps it is you who are working for the GRU.

Quoted:
I base my statements on years of experience to include dealing with data involving APTs. Assuming that the results of a contracted data systems analysis will invariably result in the outcome desired by the contracting organization is the very definition of bias. Multiple entities, public and private, have reviewed the data and generally come to the same conclusion. You've touched on most of the important bits but whiffed on the conclusion because you are wrapped up in myopic faux outrage because the Democrats are behind this rather than the Republicans.

No they have not, as evidenced by the actual quoted info in my post that shows that even they cannot definitively say it was the Russian Gov't. It is just that you WISH they did. Now run along to DU. You have many friends over there that think your experience with McAfee AV is awesome. I have worked in the Network Security field for over 25 years, probably longer than you have been alive. In fact I directly work with an APT research group who has found more info and zero-days than all of your vaunted Crowdstrike, Fireeye, Unit 42 etc. combined. We have yet to even bother looking at this because we are not butthurt, crybabies who tried everything to circumvent the will of the people and still lost. It was at best, a simple phishing attack that anyone could have perpetrated but keep believing the BS.

Quoted:
Quoted:
I base my statements on years of experience to include dealing with data involving APTs. Assuming that the results of a contracted data systems analysis will invariably result in the outcome desired by the contracting organization is the very definition of bias. Multiple entities, public and private, have reviewed the data and generally come to the same conclusion. You've touched on most of the important bits but whiffed on the conclusion because you are wrapped up in myopic faux outrage because the Democrats are behind this rather than the Republicans.
No they have not, as evidenced by the actual quoted info in my post that shows that even they cannot definitively say it was the Russian Gov't. It is just that you WISH they did. Now run along to DU. You have many friends over there that think your experience with McAfee AV is awesome. I have worked in the Network Security field for over 25 years, probably longer than you have been alive. In fact I directly work with an APT research group who has found more info and zero-days than all of your vaunted Crowdstrike, Fireeye, Unit 42 etc. combined. We have yet to even bother looking at this because we are not butthurt, crybabies who tried everything to circumvent the will of the people and still lost. It was at best, a simple phishing attack that anyone could have perpetrated but keep believing the BS.

I take it you're a fan of Trump's 400 pound hacker theory?

Quoted:
Actually, he was on the Hannity radio show today. I tuned in by accident because that's what was on when I got in the truck. eta speling is for doaps.

I heard that too, but I think it was an old show. Hannity has been on vacation all week and he had Assange on a couple times a month or two before the election.

Quoted:
It is you who doesn't actually understand the entire thing. What evidence are you going to present? Crowdstrike? I just smashed that to bits with my copy and paste. Fireeye? Same with them. Your worldview is that "WaPo told me so it's true", or Incompetent private organizations (DNC and Podesta) click on phishing links so it HAS TO BE THE RUSSIAN Gov't. Even the Rolling Stone is rolling its eyes at this narrative and they know fake news. And once again, you can't refute a single word so you go full retard with the cute little Lubyanka shit. FYI, You can get those little pastries that were like little cookie tubes filled with chocolate at the local supermarket in anytown USA. Since your only reference to them is in a coffee shop in Red Square, perhaps it is you who are working for the GRU.

Your zampolit is going to be upset that you admitted to that!

Quoted:
I'm not convinced that the Russians hacked the DNC. But be sure to buy that anger at Russia hook, line, and sinker.

Hmm, on one hand Zero assures us it's the Russian government. On the other hand, Wikileaks assures us it wasn't the Russian government. Which one has the better track record for telling the truth?

Quoted:
Quoted:
I base my statements on years of experience to include dealing with data involving APTs. Assuming that the results of a contracted data systems analysis will invariably result in the outcome desired by the contracting organization is the very definition of bias. Multiple entities, public and private, have reviewed the data and generally come to the same conclusion. You've touched on most of the important bits but whiffed on the conclusion because you are wrapped up in myopic faux outrage because the Democrats are behind this rather than the Republicans.
No they have not, as evidenced by the actual quoted info in my post that shows that even they cannot definitively say it was the Russian Gov't. It is just that you WISH they did. Now run along to DU. You have many friends over there that think your experience with McAfee AV is awesome. I have worked in the Network Security field for over 25 years, probably longer than you have been alive. In fact I directly work with an APT research group who has found more info and zero-days than all of your vaunted Crowdstrike, Fireeye, Unit 42 etc. combined. We have yet to even bother looking at this because we are not butthurt, crybabies who tried everything to circumvent the will of the people and still lost. It was at best, a simple phishing attack that anyone could have perpetrated but keep believing the BS.

Keep mixing poor assumptions with confirmation bias. It will pan out eventually. If your background is as deep as you claim then you should understand that your stated burden of proof is proof of a negative. If not, then I suppose you can take solace in your impotent rage.

Quoted:
It’s highly unusual for evidence of a crime to be assembled on the victim’s dime.

And that right there is what tells me you know absolutely nothing about network intrusion. The rest of your diatribe is just random shit you've googled, cut, and pasted. Congratulations, you'd make a wonderful CBS journalist.

Quoted:
I have worked in the Network Security field for over 25 years, probably longer than you have been alive. In fact I directly work with an APT research group who has found more info and zero-days than all of your vaunted Crowdstrike, Fireeye, Unit 42 etc. combined. We have yet to even bother looking at this because we are not butthurt, crybabies who tried everything to circumvent the will of the people and still lost. It was at best, a simple phishing attack that anyone could have perpetrated but keep believing the BS.

Quoted:
Quoted:
Your views on cyber crime and exploitation are dated.
And yours are quite biased. You base all of your statements on reports PAID for by the DNC. Read this for the complete picture into why neither Crowdstrike, Fireeye, Secureworks et al. are not the definitive source of evidence. Largely, because they themselves cannot say beyond a doubt.

CrowdStrike’s frequently cited findings of Russian responsibility were essentially paid for by the DNC, which contracted its services in June. It’s highly unusual for evidence of a crime to be assembled on the victim’s dime.

CrowdStrike, whose claims of Russian responsibility are perhaps most influential throughout the media, says APT 28/Fancy Bear “is known for its technique of registering domains that closely resemble domains of legitimate organizations they plan to target.” But this isn’t a Russian technique any more than using a computer is a Russian technique — misspelled domains are a cornerstone of phishing attacks all over the world. Is Yandex — the Russian equivalent of Google — some sort of giveaway? Anyone who claimed a hacker must be a CIA agent because they used a Gmail account would be laughed off the internet.

Consider the fact that CrowdStrike describes APT 28 and 29 like this:

Their tradecraft is superb, operational security second to none and the extensive usage of “living-off-the-land” techniques enables them to easily bypass many security solutions they encounter. In particular, we identified advanced methods consistent with nation-state level capabilities including deliberate targeting and “access management” tradecraft — both groups were constantly going back into the environment to change out their implants, modify persistent methods, move to new Command & Control channels and perform other tasks to try to stay ahead of being detected.

Compare that description to CrowdStrike’s claim it was able to finger APT 28 and 29, described above as digital spies par excellence, because they were so incredibly sloppy.
Would a group whose “tradecraft is superb” with “operational security second to none” really leave behind the name of a Soviet spy chief imprinted on a document it sent to American journalists? Would these groups really be dumb enough to leave cyrillic comments on these documents? Would these groups that “constantly [go] back into the environment to change out their implants, modify persistent methods, move to new Command & Control channels” get caught because they precisely didn’t make sure not to use IP addresses they’d been associated before? It’s very hard to buy the argument that the Democrats were hacked by one of the most sophisticated, diabolical foreign intelligence services in history, and that we know this because they screwed up over and over again. Even the claim that APT 28/Fancy Bear itself is a group working for the Kremlin is speculative, a fact that’s been completely erased from this year’s discourse. In its 2014 reveal of the group, the high-profile security firm FireEye couldn’t even blame Russia without a question mark in the headline: “APT28: A Window into Russia’s Cyber Espionage Operations?” The blog post itself is remarkably similar to arguments about the DNC hack: technical but still largely speculative, presenting evidence the company “[believes] indicate a government sponsor based in Moscow.” Believe! Indicate! We should know already this is no smoking gun. 
FireEye’s argument that the malware used by APT 28 is connected to the Russian government is based on the belief that its “developers are Russian language speakers operating during business hours that are consistent with the time zone of Russia’s major cities.” As security researcher Jeffrey Carr pointed out in June, FireEye’s 2014 report on APT 28 is questionable from the start: To my surprise, the report’s authors declared that they deliberately excluded evidence that didn’t support their judgment that the Russian government was responsible for APT28’s activities: “APT28 has targeted a variety of organizations that fall outside of the three themes we highlighted above. However, we are not profiling all of APT28’s targets with the same detail because they are not particularly indicative of a specific sponsor’s interests.” (emphasis added) That is the very definition of confirmation bias. Had FireEye published a detailed picture of APT28’s activities including all of their known targets, other theories regarding this group could have emerged; for example, that the malware developers and the operators of that malware were not the same or even necessarily affiliated. The notion that APT 28 has a narrow focus on American political targets is undermined in another SecureWorks paper, which shows that the hackers have a wide variety of interests: 10 percent of their targets are NGOs, 22 percent are journalists, 4 percent are aerospace researchers, and 8 percent are “government supply chain.” SecureWorks says that only 8 percent of APT 28/Fancy Bear’s targets are “government personnel” of any nationality — hardly the focused agenda described by CrowdStrike. At the very best it can only prove that the actor that perpetrated the attack is very likely located in Russia. 
As for government involvement, it can only speculate that it is plausible because of context and political motivations, as well as technical connections with previous (or following attacks) that appear to be perpetrated by the same group and that corroborate the analysis that it is a Russian state-sponsored actor (for example, hacking of institutions of other countries Russia has some geopolitical interests in). What we’re looking at now is the distinct possibility that the United States will consider military retaliation (digital or otherwise) against Russia, based on nothing but private sector consultants and secret intelligence agency notes. If you care about the country enough to be angry at the prospect of election-meddling, you should be terrified of the prospect of military tensions with Russia based on hidden evidence. A governmental disclosure like this is also not entirely without precedent: In 2014, the Department of Justice produced a 56-page indictment detailing their exact evidence against a team of Chinese hackers working for the People’s Liberation Army, accused of stealing American trade secrets; each member was accused by name. The 2014 trade secret theft was a crime of much lower magnitude than election meddling, but what the DOJ furnished is what we should demand today from our country’s spies. This pretty much covers it. It could be Russia -- but nothing they've released proves it. It might actually be Russian intelligence, or it might not be. They could release things to prove this, but chose not to, in favor of a "report" that isn't and doesn't even attempt to prove anything. In all of this, you all are being sold a narrative, one purchased by the DNC. It may be based in fact or it may not. Knowing the DNC and their history, I wouldn't bet a dime on them putting out anything honest. |
|
Quoted:
Quoted:
I have worked in the Network Security field for over 25 years, probably longer than you have been alive. In fact I directly work with an APT research group who has found more info and zero-days than all of your vaunted Crowdstrike, Fireeye, Unit 42 etc. combined. We have yet to even bother looking at this because we are not butthurt, crybabies who tried everything to circumvent the will of the people and still lost. It was at best, a simple phishing attack that anyone could have perpetrated but keep believing the BS. My understanding of COBOL is unparalleled! |
|
|
Quoted:
Keep mixing poor assumptions with confirmation bias. It will pan out eventually. If your background is as deep as you claim then you should understand that your stated burden of proof is proof of a negative. If not, then I suppose you can take solace in your impotent rage.

Ah no, my stated burden of proof is exactly what the DoJ provided when they blamed the Chinese Gov't for hacking Six private companies (who unfortunately don't have the legions of butthurt nevertrumpers, libtards, in the tank MSM and corrupt dems rooting for them). Not a basic best practices guide with 4 pages that basically say, Dems are stupid and click links they shouldn't have. We think it's Russians. Funny thing, the DoJ indictment says things like defendant WEN sent spearphishing emails and planted malware and misspelled URLs and registered fake domains. Sound familiar? That is all the evidence that Crowdstrike has. The difference is DoJ released NAMES, DATES, how many emails or gig of data was taken, complete timelines and background as to why they come to the conclusion. We've got some WaPo asshole saying that the Russian Government (with no actual link between the Gov't and Fancy Bear or Cozy Bear except Crowdstrike and Fireeye says so and even then they use "believe, probably, indicates") got an ANONYMOUS Intelligence source to tell him that they did it to get Trump elected when the hacks occurred before he was even a candidate. That's some awesome mindreading and crystal ball work right there. |
|
Quoted:
Ah no, my stated burden of proof is exactly what the DoJ provided when they blamed the Chinese Gov't for hacking Six private companies (who unfortunately don't have the legions of butthurt nevertrumpers, libtards, in the tank MSM and corrupt dems rooting for them). Not a basic best practices guide with 4 pages that basically say, Dems are stupid and click links they shouldn't have. We think it's Russians. Funny thing, the DoJ indictment says things like defendant WEN sent spearphishing emails and planted malware and misspelled URLs and registered fake domains. Sound familiar? That is all the evidence that Crowdstrike has. The difference is DoJ released NAMES, DATES, how many emails or gig of data was taken, complete timelines and background as to why they come to the conclusion. We've got some WaPo asshole saying that the Russian Government (with no actual link between the Gov't and Fancy Bear or Cozy Bear except Crowdstrike and Fireeye says so and even then they use "believe, probably, indicates") got an ANONYMOUS Intelligence source to tell him that they did it to get Trump elected when the hacks occurred before he was even a candidate. That's some awesome mindreading and crystal ball work right there.

Are you making the laughably foolish assumption that a US-CERT informational alert constitutes the sum total of available evidence? |
|
Quoted:
Ah no, my stated burden of proof is exactly what the DoJ provided when they blamed the Chinese Gov't for hacking Six private companies (who unfortunately don't have the legions of butthurt nevertrumpers, libtards, in the tank MSM and corrupt dems rooting for them). Not a basic best practices guide with 4 pages that basically say, Dems are stupid and click links they shouldn't have. We think it's Russians. Funny thing, the DoJ indictment says things like defendant WEN sent spearphishing emails and planted malware and misspelled URLs and registered fake domains. Sound familiar? That is all the evidence that Crowdstrike has. The difference is DoJ released NAMES, DATES, how many emails or gig of data was taken, complete timelines and background as to why they come to the conclusion. We've got some WaPo asshole saying that the Russian Government (with no actual link between the Gov't and Fancy Bear or Cozy Bear except Crowdstrike and Fireeye says so and even then they use "believe, probably, indicates") got an ANONYMOUS Intelligence source to tell him that they did it to get Trump elected when the hacks occurred before he was even a candidate. That's some awesome mindreading and crystal ball work right there.

You're comparing a federal criminal indictment / complaint with a DHS / FBI / ONI JAR report? You realize they are two different types of "reports" presenting different information to different audiences, right? |
|
Quoted:
And that right there is what tells me you know absolutely nothing about network intrusion. The rest of your diatribe is just random shit you've googled, cut, and pasted. Congratulations, you'd make a wonderful CBS journalist.

Well, that is actually a quote from Jeffrey Carr and yes it is cut and pasted because that is what EVIDENCE is. A detailed list of things that show a conclusion (such as the fact that NONE of the companies used as resources can even definitively state the idiocy that NYT and WaPo printed and that have morons going "Russia hacked the election").
He founded Project Grey Goose.
Founded Suits and Spooks conference.
Jeffrey Carr has lectured on cyber-security issues at the Defense Intelligence Agency, U.S. Army War College, Air Force Institute of Technology, NATO’s CCDCOE Conference on Cyber Conflict, and DEF CON.
He wrote the book Inside Cyber Warfare which was published on December 15, 2009. The book documents cyber conflicts from 2002 until 2009. Both General Kevin P. Chilton, Commander USSTRATCOM and his Chief of Staff MG Abraham J. Turner have endorsed this book.
His analysis of the BS report. Seems to be the same as mine and several other folks on here.
He knows far more than a DNC crotch-sniffing sycophant such as yourself. |
|
|
Quoted:
Well, that is actually a quote from Jeffrey Carr and yes it is cut and pasted because that is what EVIDENCE is. A detailed list of things that show a conclusion (such as the fact that NONE of the companies used as resources can even definitively state the idiocy that NYT and WaPo printed and that have morons going "Russia hacked the election").
He founded Project Grey Goose.
Founded Suits and Spooks conference.
Jeffrey Carr has lectured on cyber-security issues at the Defense Intelligence Agency, U.S. Army War College, Air Force Institute of Technology, NATO’s CCDCOE Conference on Cyber Conflict, and DEF CON.
He wrote the book Inside Cyber Warfare which was published on December 15, 2009. The book documents cyber conflicts from 2002 until 2009. Both General Kevin P. Chilton, Commander USSTRATCOM and his Chief of Staff MG Abraham J. Turner have endorsed this book.
His analysis of the BS report. Seems to be the same as mine and several other folks on here.
He knows far more than a DNC crotch-sniffing sycophant such as yourself.

I wonder if his book covered AgentBTZ? |
|
Quoted:
Are you making the laughably foolish assumption that a US-CERT informational alert constitutes the sum total of available evidence?

Where exactly do you get that? Since you like to play games here is the link again https://www.justice.gov/iso/opa/resources/5122014519132358461949.pdf Nothing in that or what I said has anything to do with CERT |
|
|
Quoted:
Where exactly do you get that? Since you like to play games here is the link again https://www.justice.gov/iso/opa/resources/5122014519132358461949.pdf Nothing in that or what I said has anything to do with CERT

And nothing in that link has anything to do with the DNC hack(s) or the release(s) of information regarding said hack. |
|
Quoted:
This pretty much covers it. It could be Russia -- but nothing they've released proves it. It might actually be Russian intelligence, or it might not be. They could release things to prove this, but chose not to, in favor of a "report" that isn't and doesn't even attempt to prove anything. In all of this, you all are being sold a narrative, one purchased by the DNC. It may be based in fact or it may not. Knowing the DNC and their history, I wouldn't bet a dime on them putting out anything honest.

I agree completely. I don't see how an intelligent person could say otherwise.
Even the typical butthurt Hillary supporter should be able to see through this smokescreen, but it is obvious there are a great number of Dem apologists who are looking for any sad excuse to not have to admit they lost fair and square. |
|
Quoted:
And nothing in that link has anything to do with the DNC hack(s) or the release(s) of information regarding said hack.

He's clearly making the case that the government could have released actual information in this case as they did in the one he referenced. The Jeff Carr article posted above is better analysis of what they've done so far -- they're making extraordinary claims and not backing them up. |
|
These are the same people that said Benghazi was about a YouTube video.
These are the same people who said Bowe Bergdahl was a hero who served with honor and distinction.
These are the same people who said the ACA would make health insurance cheaper. |
|
Quoted:
He's clearly making the case that the government could have released actual information in this case as they did in the one he referenced. The Jeff Carr article posted above is better analysis of what they've done so far -- they're making extraordinary claims and not backing them up.

And you know that the 2014 indictment was a political decision intended to place some pressure on China to back off their cyber efforts, nothing more. A lame duck administration gains nothing from specificity in this case. |
|
Quoted:
Please explain this joint FBI/DHS/ONI report. If you're actually talking about this 13 page pile of shit we're discussing and calling this a "report", you shouldn't be pontificating here. That's not a "report". It's a piece of shit written by incompetent people who were told to make some shit up.

I'd suspected that you actually knew fuckall about real security problems, so it's nice to see that borne out in a thread on a subject that's pretty par for the course for anyone who actually works in the security field, especially for the nation state threats. The report was TLP White, so off the bat, everyone should expect pretty limited details. As limited as the report is, this much information almost never gets released this broadly by the government. But nothing in it is surprising, not attribution for APT 28 or 29, not the timing of the compromise, or that the report reveals less than Crowdstrike's own reports. I'm amused that anyone would question Crowdstrike's take on the matter, as they make their money following these groups around. Does their report indicate that the DNC is not somehow culpable for the attacks? The DNC, and the RNC, are of course targets for US adversaries. That they aren't better protected (or protected at all) is a testament to the lack of focus provided by the current POTUS. Maybe that changes in a few weeks, maybe it doesn't. But all of this seems mostly about saving face, and not actually preventing further harm. But seriously, I'd love to see the better report you can come up with in a few hours - heck, I'd love to hear your take on 28 and 29 both being on the same network, and maybe you can tell us which IOCs are important and which we should ignore. Or you can go on puffing your chest and fooling the rest of GD into thinking you know a thing or two about the state of global espionage. |
|
Quoted:
And you know that the 2014 indictment was a political decision intended to place some pressure on China to back off their cyber efforts, nothing more. A lame duck administration gains nothing from specificity in this case.

Well, you've hit the nail on the head here -- a lame duck administration is doing nothing but trying to sabotage the incoming administration with any of this right now. |
|
Quoted:
quick question we aren't trying to hack every other country on the planet? and if not, why not? the foreigner has tried to personally meddle in other countries' elections

Ask anyone in South America what they think about America meddling in foreign elections. This pretend outrage is as hilarious as it is hypocritical. |
|