a reply to: Xcathdra
It's because your internet connection is rated in Mbps (Mega(bits) Per Second), the maximum data transfer speed of the connection. When you download in a program, the program shows you how much of the program you are downloading per second. Programs are in Mega(bytes), so in this context mbps has two meanings in the IT world.
When referring to transfer units the B means "bits" and when referring to file size/download the B then means "byte".
There are exactly 1024(kb) in 1(mb)
so 50(mb) x 1024(kb) = 51200(kb)
51200(kb) / 8(bits) = 6400kbps / 1024 or 6.25mbps theoretical maximum file download speed. You also need to deduct about 13-18% roughly, depending on the case, for packet overhead... So your final download speed is somewhere around 5.5mbps to 6mbps, assuming the host you're downloading from can send you that much...
But still the point they are using is silly. He's not saying it's unlikely it got hacked because it was downloaded at 25mbps; the (analyst) probably meant that when you hack something and you're trying to download files secretly, you don't hit the pedal to the metal and redline the file transfer speed, because it's going to make noise and the IT guy will probably pick it up, especially if all of a sudden his network slows down. You're trying to act covertly to maintain access for as long as possible... So instead of trying to download the file in 2mins at 25mbps, any normal (cracker not hacker) would download it at a much lower speed and let it download for a while to blend in with the rest of the connections so nothing looks abnormal...
But that's under the assumption that "whoever did it planned to maintain access"; nothing in there takes into account that the perpetrator might just not have given a f*** or was just in a rush trying to pull it out of there a.s.a.p...
It could also mean they used USB "because" USB real-time transfer speed is usually roughly around 26mbps in most cases. Regardless, the author made a lot of assumptions and is very narrow-minded in his diagnostic; he already made up his mind and just points at the facts that work for his mindset...
You can't really tell if a file was copied through usb/lan/wifi; all you can tell is the timestamps in the file, the creation time vs the time the file was closed. So he checked the time it was created, the size of the file and the time it closed, calculated the speed a file would need to be transferred at to fit within those two time boundaries, and assumed from there, applying normal hacking behaviors...
He didn't take into account it could have been someone that didn't care: they wanted to get in, knew what they wanted, and as soon as they saw it went for the grab and didn't care about maintaining access. If all you want is a single file, you just download it a.s.a.p; with a good connection speed you will fetch it before the IT/Sys admin has time to react, unless he's already logged in and got alarms on, which is unlikely...
Also we don't know the server specs. Was it running on a cheap connection? If the server was hooked up to a connection that pushes less than 26mbps and the timestamps show it was transferred at 26mbps, then this becomes a bombshell, because it would have been impossible to do from the internet, only with physical access to the server. But right now this article proves not much besides assumptions and theories...
I do think the Russia hack thing is bs plain and simple but that forensic guy is fetching...
edit on 10-7-2017 by _R4t_ because: (no reason given)
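
The timestamp-and-size estimate discussed in the post above, as an added example that is not part of the original post: it goes slightly beyond the single-file case by grouping a batch of copied files into bursts and comparing each burst's implied rate with an assumed uplink capacity. The file records, the 60-second gap threshold and the link figures are constructed assumptions, and it assumes only one timestamp (last-modified) per file is available.

```python
from datetime import datetime

# Constructed sample: (name, size in bytes, last-modified time) as they
# might be read from copied-file metadata. Not data from any real case.
RECORDS = [
    ("a.doc", 40_000_000, "2017-01-01 10:00:10"),
    ("b.doc", 60_000_000, "2017-01-01 10:00:20"),
    ("c.doc", 30_000_000, "2017-01-01 10:00:30"),
    ("d.doc", 50_000_000, "2017-01-01 10:20:00"),  # after a long pause
    ("e.doc", 25_000_000, "2017-01-01 10:20:10"),
]

def bursts(records, max_gap_s=60):
    """Group records into runs whose consecutive timestamps are <= max_gap_s apart."""
    rows = sorted((datetime.strptime(t, "%Y-%m-%d %H:%M:%S"), size)
                  for _, size, t in records)
    groups, current = [], [rows[0]]
    for row in rows[1:]:
        if (row[0] - current[-1][0]).total_seconds() > max_gap_s:
            groups.append(current)
            current = [row]
        else:
            current.append(row)
    groups.append(current)
    return groups

def implied_rates(records, max_gap_s=60):
    """Per burst: (bytes counted, seconds, megabytes/s, megabits/s)."""
    out = []
    for group in bursts(records, max_gap_s):
        seconds = (group[-1][0] - group[0][0]).total_seconds()
        if seconds <= 0:
            continue  # single file or identical stamps: no interval to measure
        # The first file's own copy time is unknown (only its end stamp exists),
        # so only bytes written after the first stamp are counted.
        nbytes = sum(size for _, size in group[1:])
        mbytes_s = nbytes / seconds / 1_000_000
        out.append((nbytes, seconds, mbytes_s, mbytes_s * 8))
    return out

def exceeds_link(records, link_mbit_s, max_gap_s=60):
    """True if any burst implies more throughput than the assumed uplink allows."""
    return any(r[3] > link_mbit_s for r in implied_rates(records, max_gap_s))
```

The result is a lower bound on the rate during each burst and says nothing about the medium used; it only rules a path out when the implied megabits per second exceed what that path could carry.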