The Obama administration is retaliating against Russia for hacking into Debbie Wasserman-Schultz’s email account. It would have been much better if the administration had reacted when Russia hacked into the White House’s and State Department’s computers in 2014, but, as Glenn Reynolds says, at that time only national security was at stake, while now, it’s something really important: the Democratic Party’s power.
So yesterday the administration released its long-anticipated report on Russian hacking. The Associated Press explains the report’s importance:
The U.S. on Thursday released its most detailed report yet on Russia’s efforts to interfere in the U.S. presidential election by hacking American political sites and email accounts.
The 13-page joint analysis by the Homeland Security Department and the Federal Bureau of Investigation was the first such report ever to attribute malicious cyber activity to a particular country or actors.
It was also the first time the U.S. has officially and specifically tied intrusions into the Democratic National Committee to hackers with the Russian civilian and military intelligence services, the FSB and GRU, expanding on an Oct. 7 accusation by the Obama administration.
So the report is really important. I read it yesterday, and had to triple-check to verify that this is the document the administration has been hyping.
The report can fairly be characterized as a joke. To begin with, 8 1/2 of its 13 pages consist of boilerplate advice to IT professionals, e.g.:
A commitment to good cybersecurity and best practices is critical to protecting networks and systems. Here are some questions you may want to ask your organization to help prevent and mitigate against attacks.
Right. So how about the Russians and Debbie W-S’s account? The information provided is absurdly thin. The bottom line:
The U.S. Government confirms that two different [Russian civilian and military intelligence Services] actors participated in the intrusion into a U.S. political party. The first actor group, known as Advanced Persistent Threat (APT) 29, entered into the party’s systems in summer 2015, while the second, known as APT28, entered in spring 2016.
The “U.S. political party” is of course the Democratic National Committee. But what is the evidence that the Russian government was behind the hack?
In summer 2015, an APT29 spearphishing campaign directed emails containing a malicious link to over 1,000 recipients, including multiple U.S. Government victims. APT29 used legitimate domains, to include domains associated with U.S. organizations and educational institutions, to host malware and send spearphishing emails. In the course of that campaign, APT29 successfully compromised a U.S. political party. At least one targeted individual activated links to malware hosted on operational infrastructure of opened attachments containing malware. APT29 delivered malware to the political party’s systems, established persistence, escalated privileges, enumerated active directory accounts, and exfiltrated email from several accounts through encrypted connections back through operational infrastructure.
In spring 2016, APT28 compromised the same political party, again via targeted spearphishing. This time, the spearphishing email tricked recipients into changing their passwords through a fake webmail domain hosted on APT28 operational infrastructure. Using the harvested credentials, APT28 was able to gain access and steal content, likely leading to the exfiltration of information from multiple senior party members. The U.S. Government assesses that information was leaked to the press and publicly disclosed.
I assume that these claims are probably true, but they are conclusions, not evidence. Does the administration provide any evidence? This is as close as we get:
Indicators of Compromise (IOCs)
IOCs associated with RIS cyber actors are provided within the accompanying .csv and .stix files of JAR-16-20296.
description = “PAS TOOL PHP WEB KIT FOUND” strings:
$php = “