On Dec 29, 2016 the FBI and DHS released a Joint Analysis Report (JAR-16-20296) in which federal investigators claim that "technical indicators" link the Russian government to hacks of "a U.S. political party". For unexplained reasons the Democratic National Committee and Hillary Clinton campaign chairman John Podesta are not mentioned by name but it's clear that this report is intended as a reaction to Wikileaks' publishing emails that appear to be theirs.
The technical details in the report are limited and include a short list of tools and infrastructure that were allegedly used to “compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities.”
The technical indicators are provided in Structured Threat Information Expression (STIX) and Coma Separated (CSV) format and could be used to search for attack patterns, malware, exploits and to defend networks or systems against cyber threats. Unfortunately this report has been released too late to be of much use to security experts who potentially review thousands of port scans every minute.
The "technical indicators" include tools and techniques such as Powershell Backdoor and HAVEX which are commonly known to an average white hat hacker. The list of IP addresses and fully-qualified domain names are not very useful to identify the perpetrators of these cyber attacks because the compromised systems have probably been repaired or taken offline by now.
UPDATE on Jan 4, 2017 Micah Lee from The Intercept determined that since 367 of the 876 IP addresses in the Grizzly Steppe report "are actually just Tor exit nodes, this means that anyone in the world — not just Russian hackers — can use the internet from those IP addresses."
A "Fact Sheet" published by the White House says that the Joint Analysis Report "includes information on computers around the world that Russian intelligence services have co-opted without the knowledge of their owners in order to conduct their malicious activity in a way that makes it difficult to trace back to Russia." So even the Obama administration plainly admits that this is not proof of Russia's involvement.
During a presidential debate, Hillary Clinton claimed, "We have 17 intelligence agencies, civilian and military, who have all concluded that these espionage attacks, these cyberattacks, come from the highest levels of the Kremlin, and they are designed to influence our election." However, there is still no proof or compelling evidence provided to justify why these intelligence agencies believe that Russia was involved in the hacking of Democratic Party emails.
Furthermore, the U.S. has a long history of influencing elections in other countries and their tactics frequently include cyber espionage and dissemination of propaganda. So the hypocrisy and double standard applied to Russia's alleged action is quite perplexing.
This Joint Analysis Report is too little too late and those responsible for its content should be ashamed of its tardiness and limited usefulness. Congress must investigate the gross negligence in handling this public disclosure. We the people of these Unites States deserve better explanation of the reasons behind our government's sanctions against Russia and the labeling of their diplomats as "persona non grata."
The Obama administration's actions are tantamount to a declaration of war on Russia. We deserve proof or at least compelling evidence of Russia's involvement in the DNC leaks. We also deserve a select committee investigation into the alleged authors of the leaked emails to determine if indeed the DNC rigged the Democratic Party primaries against Bernie Sanders and laundered money from the Democratic Party into the Clinton campaign instead of the down-ballot candidates who should have received funds.
UPDATE: On Jan 6, 2017 the Office of the Director of National Intelligence released a new report that states, "We did not make an assessment of the impact that Russian activities had on the outcome of the 2016 election. The US Intelligence Community is charged with monitoring and assessing the intentions, capabilities, and actions of foreign actors; it does not analyze US political processes or US public opinion."
No comments:
Post a Comment
Please be respectful of others when commenting.