Let's have a discussion about the DoJ released report on the DNC hacks. Please do not make this thread political; it will only focus on the technical aspects.
First, I think all anons should take a read of this DoJ report of what the intelligence agencies claim to have occurred: justice.gov
To sum it up, DNC employees first got phished, then malware was installed on their network to run MITM and keylogging, and a bunch of backdoors sent info down to servers in Arizona and Malaysia. The agencies and the cyber security firms they paid to "investigate" also claim that the tools used come from well know Russian tools (Xagent).
So basically, the DNC got hacked by techniques every skid and amateur hacker knows. The exact same thing could have been done with fake emails, persuasive messages, Bettercap or Cain, and metasploit with msfvenom. Nothing advanced at all. No advanced shit like spectre or zero days here.
Do the workers in IT not know about firewalls, checking port connections, identifying known malware, and using Wireshark? What type of low IQ retard do you have to be to fall for phishing scams?
The DNC either needs to fire their entire IT staff and a bunch of their employees
OR
The CIA and FBI are too stupid to find the real attackers and it might have even been an inside job because I'm pretty sure the Russians know not to use previously identified tools.
What do you think, anons?
Civil Discussion about "russian" hackers
Other urls found in this thread:
us-cert.gov
en.wikipedia.org
dni.gov
en.m.wikipedia.org
twitter.com
jackmatlock.com
en.wikipedia.org
nbcnews.com
washingtonpost.com
twitter.com
Russians hacked my toaster, you fucking faggot. They are real
>phishing attack
The ABSOLUTE STATE OF AMERIMUTTS
Ummm, yeah. Kinda what the OP was saying... You missed the point
>Russians know not to use previously identified tools.
the average russian iq is sub 70, no amount of incompetence could surprise me
the really difficult part is proving that it was "state sponsored" given the russian mafia state/oligarchs throwing shit at each other.
it simply cant be compared to a structured and hieranchical western nation where power is centralized in the government.
>Please do not make this thread political
OK
Political parties typically do not hire very many full time staff. They have a very small minority of full time staffers which obviously can not do it all and a very large portion of their staff are contractors. Thus, not a lot of time is put into computer security or training employees.
These full time staffers are not put there because they are any good at their jobs, they are completely political positions. A lot of them are old and not technically savvy. Most politicians have never held real full time jobs and very, very, very few of them have had any experience leading an IT department or dealing with a little bit of computer security.
Put two and two together. When your leadership is transitory in nature and the people put up there in the first place aren't very good at their jobs, it makes the organization much more susceptible to phishing attacks.
>Who is my boss again? Fuck it just pay me, no matter what happens it will all get forgotten in a few months after the election.
This is your average campaign worker.
And OP I think you are downplaying the fact that phishing attacks and advanced persistent threats backed by state governments are widely successful throughout corporate America, this is not necessarily an issue with political parties.
That being said
>The CIA and FBI are too stupid to find the real attackers and it might have even been an inside job because I'm pretty sure the Russians know not to use previously identified tools.
The NSA has much more inside information than your dumb underage ass will ever have and I would trust the government over some 14 year old frogposter when it comes to this kind of thing
Right now there are CALL CENTERS full of Pajeets calling grandmas across the nation making thousands of dollars a call. What Jow Forums Jow Forums NEETs and the global poor have in common is that they were both poor growing up and had access to cheap technology.
In Pajeet's case he also lived in an area where you could commit international cyber crimes and get away with it. While the intense complexity might not be there, Pajeet is capable of the low hanging fruit like phishing or breaking into servers that have been unpatched for 5+ years and have public exploits. Which apparently is enough to break into the DNC, and a vast amount of American corporations, both big and small.
Moral of the story is, stop abusing your staff.
>proves that government is incompetent
>proceeds to trust NSA, CIA, and FBI
How does the industrial military complex and government boot taste?
>political parties are government
Now you're just trolling. Thanks for bumping the thread though.
the report does not mention how they gained access to the network, IIRC it barely says they tried reusing credentials to do it
also, they mention a lot of details supposedly gained by hacking the attackers, but, unless they were monitoring them in real time, those details could have only come from a forensics analysis... which is really odd IMO, because it would have taken quite some time, and it probably would have been noticed by the attackers, unless they were really careless
Most DNC members are in some ways involved with the government. Also, I really loved how you considered it trivial to question some shady agency claims as absolute fact. Plus, the information OP used all came from the report released by the government itself, so he knows what they claim and will use in court
>What type of low IQ retard do you have to be to fall for phishing scams?
The average boomer and millennial.
There's a very small gap of people born in the 80s who don't fall for that shit because they grew up as the Internet grew up.
But for most of your shit, firewalls are great so long as malware can't control the firewall or hijack an application with access. Going inside out is much easier than outside in.
Wiresharking your entire network is a big fucking job, if you don't know what you're looking for you just have a massive pile of captured data.
And so on.
What I want to know is how exactly did the alphabet agencies find out what the hackers exactly searched up when hacking. Like how do they know exactly what they searched for.
Good point. But aren't there programs that let you monitor what connections are occurring in each port (like portexpert and a nirsoft tool)? Plus, for MITMs, isn't that easy to see in wireshark? Wouldn't sending data to other servers be obvious when sniffing?
attribution is a best guess of (cherrypicked) analysts, not an exact science
that said, i still think it was russians because they are really that fucking stupid (working at moscow time, using personal email on vpn...)
we have had access to the security cams at the russian university where the gru/internet research agency is located, so we have literally been watching them as they hack our shit.
>political parties are non governmental organizations
which makes the narrative of "election hacking" so preposterous.
Politicians don't run the government. The legion of public servants do and I guarantee that there are many, many individuals employed by the government who handle computer security. Political parties do not have this luxury for reasons previously stated.
Politicians don't even have full access to all of the information the government has, they just get reports from staff as you have mentioned. There's just no time to sort through it all. So they are in fact poor phishing targets, unless you are trying to, say, disrupt the activity of a political party or gain access to compromising material to blackmail said politician, both will eventually end up with a prison sentence.
>I'm pretty sure the Russians know not to use previously identified tools.
Validate that statement. Why a successful attack that can't be traced back to Russia shouldn't have been done and they should "know better".
This shit goes pretty deep. Recently I've been trying to collect my thoughts on the whole matter, in a timeline but I'll post just what's relevant to the tech:
>1) Trump, while campaigning, takes a softer stance on Russia. Both hawkish neocons and liberals are upset over Crimea from 2014, so they both demonize him for saying shit like he'd rather "talk" to Russia. Hillary genuinely says she would not even speak to Putin.
>2) Trump wins election. Both traditional left AND right have bashed him the entire time, basically everyone upset.
>3) FBI/DHS report (us-cert.gov
Those reports are the basis for the entire investigation we have now. Seriously, read those - they're concerning as fuck. There's some shit in the FBI/DHS report I wouldn't expect from a college freshman.
Additionally, the group alleged to be the source of the election tampering, Fancy Bear, is suspicious to me. All the Wikipedia citations about their attacks across the world (en.wikipedia.org
The only thing that will convince anyone with an actually understanding of networking and security that it was the Russians is the kind of digital forensics the United States would never release because "Muh national Security"
You will never see any real evidence of anything they claim about the hacking incident because they will never share the actual evidence. It's all hearsay.
Sorry, ODNI report link was wrong: dni.gov
What's preposterous? If we live in a country where there are only two viable parties, the selective illegal disruption of one has a severe impact on our democracy.
Of course they should know better. If you have hacked with a tool made by yourself, why the fuck would you use it again? Unless it's for a dick waving contest, there's no point because people will know who it is
It's funny that you think a tool that "any hacker can use" means anything to a Russian hacker.
There is no substantiative link back to Russia (besides the fact that everybody knows it was probably them in the first place) and that settles things in legal court. The only other court is that of public opinion and that court does not give a shit about your point.
The attack was successful and Russia got away with it, the end. Why should they know better again?
>I still think It was the Russians
post discarded. sorry you're too dumb
>There is no substantiative link back to Russia (besides the fact that everybody knows it was probably them in the first place) and that settles things in legal court.
....because the indictment just came out today and court proceedings have not got to that stage yet
I don't see anything wrong about revealing corruption and inner party rigging. It's not bad for democracy. In fact, it's good. Would you like it if everyone never knew about government corruption and vote like little sheeps? However, I do wish that we know more dirt about both parties.
>t. Sergei Sergeevitch Pidorov
Computer hacking is illegal user.... you don't want a full fleged cyber war to break out every election do you?
They're never going to actually give you the proof you think they found, user, whether or not it exists. The best you're going to get is expert testimony from the highest ranking bureaucrat who is willing to defy Trump.
You are claiming that Russian tools means the Russian government did it. That is not the case. Therefore, there is no reason to "know better".
We don't have kangaroo courts in America, Oleg
That's nice, user, you're a retard and the American government classifies evidence in sensitive cases all the time, the JFK shooting being the most obvious example.
Enjoy your expert testimony.
>Additionally, the group alleged to be the source of the election tampering, Fancy Bear, is suspicious to me. All the Wikipedia citations about their attacks across the world (en.wikipedia.org
How is that suspicious? According to the article they were only identified in October 2014.
You are hohol, right?
>no kangaroo courts in America
That's funny, pretty sure the government and the alphabet agencies don't give two shits about the bill of rights, or the constitution for the matter. They just want control and money, that's fucking it. Especially the alphabet agencies-those are some nasty motherfuckers
the democratic party miscalculated. Donald trump found a specific demographic and focused his values and beliefs based on that demographic. it grew and while the democratic party campaign was an all round mess. no proper strategy and unfavorable exposing of Hillary time and time again didn't help.
many voted Trump because of Hillary.
at the end the Democrats knew they had fucked up and sing didn't want to admit. what's the go to excuse for anything unfavourable outcome? Russian hacking. see brexit. fucking laughable. that's all this is a pathetic. shift of the blame. hacked by russia is basically the same as anti semitism. fuck up everything and when faced with questions or scrutiny. anti semitism
if the hack did ever occur and it was russia you would knew know.
this is fucking unbelievable. america interferes in russia domestic matters but no one gives a shit. us fucks up elections and blames russia.
us also constantly taps phones. see Merkel phone tap.
why do you think my emperor Putin does not use a mobile phone. Russians are not easy to fool. we grew up in times where had to be vigilant and careful and grew smart and how to stay not compromised.
we don't trust the telephone. as my babushka used to say (while speaking on phone) oh that's not something (something private) to discuss over the telephone.
>Please do not make this thread political
Good luck with that. Last week I saw a post where someone was asking for someone to point them in the right direction so they could learn systems programming. It took literally 3 replies for it to devolve into a shitfest of people arguing over the viability of communism.
Igor, the expression is "three letter agencies."
Ahaha, literally no it is not. Keep up with the ad hominem shitposts, it'd go better with frog images.
I'm just trying to help esl-kun :(
Kek, I can just imagine that
>happy user asks how to start programming
>one says C
>one says python
>one says java
>one screams about java being object oriented and thus hierarchal, therefore exploiting the lower class
>thread derails into debate about commies
And some wojaks
That's more or less exactly what happened.
Someone correct me if I'm wrong but I thought a blogger leaked DNC emails and later accidentally revealed he was employed by the Russian government.
>Muh russia retardstaion on g
this is never going to work
not even sweetieposters will waste their time on this
You're thinking of Assange, which leftists are labeling Russian spy even though earlier during Obama they were all behind him.
Nope. It was Guccifer 2.0. The identity section of this article might clear up what OP's mystery.
en.m.wikipedia.org
>In March 2018,The Daily Beast, citing US government sources, reported that Guccifer 2.0 is in fact a RussianGRUofficer, explaining that Guccifer once forgot to use aVPN, leaving IP logs on "an American social media company" server. The IP address was used by US investigators to identify Guccifer 2.0 as "a particular GRU officer working out of the agency’s headquarters onGrizodubovoy Street(ru)in Moscow."[32]
wtf i believe faceberg now
>two party system
>more or less the same shit
>8 years in govt
>>hurr durr our political parties are not government!
wow, so they literally tracked his IP
wonder if they used a visual basic GUI interface for that?
>What type of low IQ retard do you have to be to fall for phishing scams?
The same type that comes to Jow Forums hoping for an intelligent discussion, obviously.
So, you and Hillary, sitting in a tree...
>phishing attacks
What is the point of charging them? They aren't ever going to bring them to trial or jail.
> forgot to use aVPN, leaving IP logs on "an American social media company" server.
A VPN is all it takes to counter the best intelligence agency in the world?
And people think Tor is unsafe? KEK
I suppose the 12 Russians indicted should come to face the charges. But that is probably too much to expect from a barbarian country like Russia.
there's no """hack"""
seth rich leaked the emails to wikileaks and that's it
the techniques that were used to steal the emails can literally be done by 14 yo kids, No fucking intelligence agency let alone FSB would send fake login pages inside emails to people they want to hack in 2016, this techniques is only done by kids and amateurs. Arrogant, corrupt and good for nothing Hillary and her boomer aides who wouldn't employ a 22 yo kid without having 4.0 GPA with 40 year experience in everything, cannot even tell if the email contains a fake login page or not sent probably by Jow Forums-tier hacker.
The whole Russia meddling meme started the next day Trump won election by Obama because he and the media that's almost completely controlled by liberals (just like you would expect in any dictatorship) could not (and still cannot) believe that after all such control on everything there is still like half the country who are still non conformant and refuse their policies and beliefs.
>he thinks facts matter when it comes to pushing a narrative
This is just standard globalist operating procedure, m8. They'll claim guessing the answer to a secret question is such a technically challenging feat that only the 3 Great Hacker Kings in Moscow can accomplish it. And 60% of the general public will slurp that shit up because it's what they want to believe.
Again, no respectable intelligence agency let alone the FSB would "forget" to use a VPN, such scripts are tested a million times before deployment.
now THIS is some shit:
twitter.com
>Former U.S. ambassador to Moscow says State Department reached a different assessment to CIA on 2016 election jackmatlock.com
>fake news
some quotes:
>I spent the 35 years of my government service with a “top secret” clearance. When I reached the rank of ambassador and also worked as Special Assistant to the President for National Security [...] intelligence reports to the president relating to Soviet and European affairs were routed through me for comment.
>[...] the report was prepared by a group of analysts from the three agencies pre-selected by their directors, with the selection process generally overseen by James Clapper, then Director of National Intelligence (DNI). Clapper told the Senate in testimony May 8, 2017, that it was prepared by “two dozen or so analysts—hand-picked, seasoned experts from each of the contributing agencies.”
>During my time in government, a judgment regarding national security would include reports from, as a minimum, the CIA, the Defense Intelligence Agency (DIA), and the Bureau of Intelligence and Research (INR) of the State Department. The FBI was rarely, if ever, included unless the principal question concerned law enforcement within the United States. NSA might have provided some of the intelligence used by the other agencies but normally did not express an opinion regarding the substance of reports.
>[...]There was no mention of INR or DIA! The exclusion of DIA might be understandable since its mandate deals primarily with military forces, except that the report attributes some of the Russian activity to the GRU, Russian military intelligence. DIA, the Defense Intelligence Agency, is the U.S. intelligence organ most expert on the GRU. Did it concur with this attribution? The report doesn’t say.
>Retired senior NSA technical experts have examined the “Guccifer 2.0” data on the web and have concluded that “Guccifer 2.0’s” data did not involve a hack across the web but was locally downloaded. Further, the data had been tampered with and manipulated, leading to the conclusion that “Guccifer 2.0” is a total fabrication.
Absolutely false, phishing works at all levels in practically all sectors of government and business. My company regularly does penetration testing, and phishing is always a hit. The important thing is making your security resilient to a single employee being compromised. All data access is auditable, minimize local data storage, if practical only present a network service with a UI rather than give people direct access to a data store. Encrypt all data in transit and at rest, use rate limiting, have automated monitoring, etc, etc, etc.
You need to take good security practices at every level to be resilient, and planning for human failure is extremely important.
>no kangaroo courts in America
en.wikipedia.org
Watch the documentary 'The Thin Blue Line'.
These Russian hackers, they wanted to show that it was them, though, given the fact that no legal repercussions are to follow at all. Russia and the US have no extradition treaties.
It isn't like they're incompetent and just do this from their own IPs because they don't know what a VPN is. They're far more competent than you or me. They launch very sophisticated remote code execution attacks which leave no file artifact. I know that because I work in cybersecurity.
It's all part of further political game. Putin wants to show how he can intervene in American politics too if the US does it with its government-sponsored NGOs, radio stations and other ventures often backed by the CIA. He talked about it on on numerous occasions.
Also, they even developed firmware-level rootkits and malware. Their methods are highly sophisticated. They infected tons of routers with firmware malware across the world.
It's merely a signal from Putin that he's tired of America (more particularly the state dept. and the CIA) intervening in Russian politics. Showing the IP addresses was necessary for the Russians, as they wanted to show that it was them.
Oh look, a Jow Forums thread.
>that 30 yo NEET who claims to be working in cybersecurity
dumbest made up shit ive read today
just sit tight junior, just a couple more hours until mommy comes home and makes tendies for lunch
>projecting this hard
Snowden broke the law as well, yet I support him.
Also, Putin mentioned how he would hand out the Russian hackers only if the US will hand out its CIA agents who had intervened in Russian politics.
He had made it crystal clear during the Helsinki summit.
This hacking wasnt done foe the sake of transperency or "greater democracy". It was the opposite in fact since they not only did not do the same to the other major party (equally or even more corrupt) and their intent was to try to hurt a political opponent.
Revealing corruption is still for the greater good, albeit the republicans like bush probably have a lot of covered up shit
>a full fleged cyber war to break out every election
That sounds fucking sweet and I fully support it.
>when literally skids who forgot about VPNs hacked the DNC
Putin is truly a based bear riding hackerman.
+15
When I read shit about the Russian intervention in the elections I always came convinced that's the DNC version of Birtherism.
Except that, somehow, Birtherism wasn't taken seriously. This shitfest has participants of GOP, DNC and their allies in MSM and shit like that.
isn't it funny how they were the ones accusing R's of being conspiration theorists? now they have taken that position...
Yes I do, that way there's always someone watching the watchers, after all the CIA and NSA do the same but on regular citizens 24/7, they deserve it.
Juden are butthurt over the fact that the goyim didn't vote the way they wanted to so they blame it on their ethnic enemy Russia to save face.
>The CIA and FBI are too stupid to find the real attackers and it might have even been an inside job because I'm pretty sure the Russians know not to use previously identified tools.
The DOJ indictments name names, so they know full well of who did it, also
>Implying Russians are super smrt haxxor ninjas liek in my tv shows!
Before you come up with some petty rebuttal, the feds surely keep tabs on potential adversaries, they knew this could happen and all the evidence points to them. If the Russians were as sophisticated as you think they are, how were they able to get framed? By your argument, they should be invisible.
>trump is a shabbos goy
>kikes still hate him
How this happens?
I'm not saying that you're wrong. Because is what is happening now. Trump has been the most shabbos goy president and he's still hated by the kikes.
isn't this just a case of stupid office workers being retards? how are they so sure it's Russian hackers and not some run of the mil pajeetware?
Stupid officers being stupid don't make a narrative of "an evil fascist rising to power throught ilegitimate means"
>doj named people so it must be them!
Okey dokey, the government never makes mistakes. There's no such thing as throwing people under the bus. The Americans surely would never do that!
Hi CTR/ShareBlue
So this is the hacking that led to the leakage of those e-mails where CNN literally say beforehand and negotiate what questions they'll ask Hillary Clinton in the debate? No one wants to discuss the content of those types of emails? Imagine if it was Fox News with Republicans.
He tries to appeal to the small minority of good jews that aren't anti white bolshevik trash.
It makes sense. He recognices Israel but doesn't bow to their ethnic tricks called diversity.
Its like, he wants that the Jew recognices the right of the white to exist.
It was Serbia. They have all the reasons in the world to try and frame Russia. Mark my words,the truth will prevail.
It also confuses me how China has managed to get off the hook for all that they've done.
>His conviction was overturned
>prosecutors to throw out
>prosecutors in seven Massachusetts counties dropped
You must be really desperate to keep bumping this thread with nonsense Ivan.
>Serbia.
Sorry, meant to say Ukraine.
>literal skids without vpns hack the dnc
Next thing you know, nudes of some boomer official get leaked because of some pajeet with nanocore
>Israel
>not the worst kind of Jews
>hurr durr muh justice system is perfect!
you guys must be really paranoid and brainwashed, like a good american sheep
>Do the workers in IT not know about firewalls, checking port connections, identifying known malware, and using Wireshark?
lol what makes you think they hire IT workers from outside
politics is basically all nepotism, the nephew that is "good at computers" was paid a hefty salary of campaigning money in order to set up their infrastructure
The report lays out there access timeline for a couple different things, but one was gaining access to a poorly secured cloud asset (probably aws) that was hosting a site and likely a database. Some ass douche probably whitelisted all traffic originating from that ip when he couldn't get it to connect to his local db
The timestamps in the report for users running queries and their specific Google history makes it seem like real time monitoring, which doesn't make sense... Either the l33t hackers couldn't even wipe their own internet traffic or something sneaky was happening
>I'm pretty sure the Russians know not to use previously identified tools.
fuck off back to pol you scumlord. you'd probably argue the russian troll factories are probably DNC insiders as well, paid to make trump look unironically bad
There were no hackers. It wasn't a hack, but a leak, so when the DNC found out the leaker went directly to Assange they invented the whole Russian hacker story to make Wikileaks look like a Russian influence. Alphabet agencies never had access to DNC servers, instead working from data collected from a known anti-Russian security firm.