Mueller Indicts 12 For Russian Hacking


posted on Jul, 13 2018 @ 03:31 PM
a reply to: toysforadults

You get the impression from his posts over the years that he is a spook. One that is well-read and educated.




posted on Jul, 13 2018 @ 03:34 PM

originally posted by: carewemust
a reply to: toysforadults

You get the impression from his posts over the years that he is a spook. One that is well-read and educated.


And very very biased.



posted on Jul, 13 2018 @ 03:34 PM
a reply to: Xcathdra

So how did crowdstrike figure out it was the Russians anyway?

Was there a message on the server that said, "hey we are the Russians and we hacked you l337"?

I mean how did they trace the IP back to the Russians?

Could they not have performed this "hack" from Canada from a stolen laptop?



posted on Jul, 13 2018 @ 03:36 PM
a reply to: carewemust

I'm on a cellphone or I would quote where the "we at the FBI"

Or whatever was mentioned it was page 12 or 13 around there



posted on Jul, 13 2018 @ 03:36 PM
a reply to: Xcathdra

You just keep repeating the same flimsy talking points and matter-of-factly stating things that are either flat out wrong or you don't/can't say with authority.


No - Crowdstrike did the "analysis" of the server however no law enforcement agency performed an analysis


You have no idea who did what with what beyond CrowdStrike. You know that the FBI wasn't given direct access to the servers at the time the hack was discovered. That's it.


The "hack" is based entirely on crowdstrikes result and as someone else pointed out crowdstrike already had to retract its findings.


Wrong and Wrong. What's being referred to is a report put out by CrowdStrike about malware in an app used for munitions targeting by Ukrainian forces. The guy who headed up the CrowdStrike DNC response had nothing to do with that report either FTR.

More importantly, there is ample publicly available evidence that you continue to choose to ignore because you don't want to acknowledge it or you're not equipped to consider it. I linked some of it above.

Beyond that, hacking doesn't happen in a vacuum. The command and control servers (aka C&C aka C2) were located inside the US. One of them at a datacenter in Arizona and it looks like another in Illinois (I've been too busy trying to counter your disinfo campaign here to read the whole indictment lol).

From the indictment, it's pretty clear that law enforcement got their hands on the C&C servers. They detail actions taken on the servers that could not be known by CrowdStrike, like updating the "AMS" panel *and* they know who did it and when. With access to the C&C servers, they could *easily* corroborate what was found by CrowdStrike. They could literally see when the implants on the DNC and DCCC servers were phoning home and from where. They even detail when specific commands were issued through the C&C servers and what was obtained from where and when.

That's without even getting into things like router logs. That's without getting into cooperation from the ISP where they had their VPN.


and the report crowdstrike released was analyzed and it was discovered download speeds are consistent with a direct transfer of files (pc to USB) and NOT internet download speeds. Given the fact it would have been an international connection the speeds would have been even lower.


Wrong, wrong and wrong.

The "analysis" was done on an archive of files stolen from the DCCC obtained from some p2p source. The "download speeds" as you call them is actually a number arrived at through a series of assumptions and glaring dismissal of more plausible explanations.

The files have different mod times. The mod times show the last time the file was modified. The files are within a range and plotted on a line, have gaps in between them. The first assumption is that the mod times are the result of a batch copy as opposed to individual copying of files from point to point. Another assumption is that there are missing files that account for gaps. Then the author adds up the gaps, deducts that from the total range of times. Then takes the result and divides the total size of all files by that time to arrive at a hypothetical transfer speed. Then makes an estimate of the hypothetical missing file sizes by basically going in reverse with the "gap time."

Then there's the worst assumption of the bunch, that only transfer to a USB thumb drive could account for the estimated transfer speed of the hypothesized batch copy that may or may not have been a real thing.

That's simply not the case. I showed in an earlier thread, screen shots of file transfers I did between a VPS in Houston, TX and another in Windsor, Ontario (encrypted, using scp) which were (from memory) like 19 MB/s. The idea that 22 MB/s is somehow an unusual transfer speed on the Internet is ridiculous on its face.

Furthermore, as I have also explained, and anyone with two computers on a gigabit LAN can test themselves, ~20/25 MB/s is not at all unusual for transferring between computers on gigabit ethernet, particularly between a couple of Windows boxes with 5400 rpm drives.

You can test it yourself.

There's absolutely nothing in the "analysis" that rules out transfers from one computer to another inside the DCCC network, transfer from a computer inside the network to a C&C server, transfer between any other two servers on the Internet. Transfer between two computers on the hacker's LAN, transfer from computer to USB at hacker HQ or even a later transfer having nothing to do with the hacker.

There are a myriad of equally and more plausible scenarios, including that there was no batch copy operation to begin with.

How many times are you going to repeat this easily debunked claim?
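
Added example, not part of the original post: the estimate described in the post above (add up the gaps between modification times, deduct them from the total range, divide total size by what remains), run over a constructed file listing. The `gap_threshold_s` parameter and all sample values are assumptions, chosen to show how much the result depends on what is counted as a gap.

```python
"""Throughput estimate from file modification times, as the post describes it."""

MB = 1_000_000

# Constructed listing: (mtime in seconds after the first file, size in bytes).
SAMPLE = [
    (0, 40 * MB), (3, 44 * MB), (6, 46 * MB),
    (96, 40 * MB), (99, 44 * MB), (102, 46 * MB),
    (402, 20 * MB), (405, 20 * MB),
]


def estimate_rate(files, gap_threshold_s):
    """Return the implied MB/s, or None if no estimate is possible.

    Assumes (as the analysis does) one batch copy: every interval longer
    than gap_threshold_s (a hypothetical cut-off) is treated as a pause or
    missing files and deducted from the time range before dividing the
    total size by it.
    """
    if len(files) < 2:
        return None
    files = sorted(files)
    mtimes = [m for m, _ in files]
    intervals = [b - a for a, b in zip(mtimes, mtimes[1:])]
    span = mtimes[-1] - mtimes[0]
    gaps = sum(i for i in intervals if i > gap_threshold_s)
    active = span - gaps
    if active <= 0:
        return None
    total_bytes = sum(size for _, size in files)
    return total_bytes / active / MB


if __name__ == "__main__":
    # Same files, three guesses at what counts as a "gap".
    for threshold in (60, 120, 1000):
        rate = estimate_rate(SAMPLE, threshold)
        print(f"gap threshold {threshold:>4}s -> {rate:6.2f} MB/s")
```

On this listing the same timestamps give 20 MB/s with a 60-second threshold and under 1 MB/s when no interval is treated as a gap.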



posted on Jul, 13 2018 @ 03:38 PM
How can the FBI do so, when they weren't allowed to do the " I " part of their name with regards to the server?

ETA: I notice Anti clears it up above, without sources and what seems to be speculation.
edit on 13-7-2018 by Wardaddy454 because: (no reason given)



posted on Jul, 13 2018 @ 03:40 PM
a reply to: toysforadults

They said it was Russia by the malware that was used. Apparently Russian hackers are so incompetent that they can hack the DNC but not hide their ip addresses or software used.

Also remember there were claims made leading up to the elections several states had their voter rolls info accessed by "Russians". In those cases the ip was actually traced back to DHS computers and not Russian.



posted on Jul, 13 2018 @ 03:40 PM
a reply to: theantediluvian

So if they didn't get in cooperation with the ISP how could they know where or what source IP was used?

So you think that my router's IP and MAC address are actually the IP and MAC address that you see when I spoof my mac and ip for a man in the middle attack or when I DNS poison?

Sounds unlikely!!



posted on Jul, 13 2018 @ 03:41 PM

originally posted by: AndyFromMichigan

originally posted by: toysforadults
a reply to: Xcathdra

So how can Mueller even file an indictment without forensic evidence?

Those disk drives need to be hashed and DD'd and then there is a step by step process for creating a court proceeding when it comes to technology

This case is going nowhere

Remember the first batch of Russian indictments, when one of the defendants showed up in court to plead "Not Guilty"?



The defendant never showed up.

He retained a US Law firm to show up on his behalf so he would not risk being arrested.

They then asked for detailed evidence.

It was a fishing campaign to find methods/sources/moles.



posted on Jul, 13 2018 @ 03:42 PM
a reply to: Xcathdra

Pretty sure they could just use a stolen laptop in Canada and not even spoof the ip/ mac address



posted on Jul, 13 2018 @ 03:42 PM
a reply to: theantediluvian

It's documented why the DNC chose CrowdStrike, CrowdStrike's report on what they found, the fact the FBI was barred from the server in question. The download speeds of the info was also released by CrowdStrike and independent groups noted the speeds are local and not internet download speeds.

So if you have issues take it up with the DNC and CrowdStrike.

Finally no law enforcement agency forensically examined the server. The DNC absolutely would not allow it.
edit on 13-7-2018 by Xcathdra because: (no reason given)



posted on Jul, 13 2018 @ 03:45 PM

originally posted by: Xcathdra
a reply to: toysforadults

They said it was Russia by the malware that was used. Apparently Russian hackers are so incompetent that they can hack the DNC but not hide their ip addresses or software used.

Also remember there were claims made leading up to the elections several states had their voter rolls info accessed by "Russians". In those cases the ip was actually traced back to DHS computers and not Russian.



And remember that Vault 7 revealed that the CIA can spoof malware to look like someone else's.

This is all handwaving to make sure you ignore the fact that the DNC destroyed democracy.



posted on Jul, 13 2018 @ 03:46 PM
a reply to: soberbacchus

and the SC has thus far ignored 70 motions for discovery in those cases.

They can either turn over the evidence in question as required by Brady or the charges can be dismissed with prejudice.



posted on Jul, 13 2018 @ 03:47 PM
a reply to: Xcathdra

Here's what I would do if I was Russian, I would go to France, find some chicks and "play game" with them and get all wasted and sleep with them

Steal their laptop then go to a different part of the city and access the database from there

I mean considering this is an obviously well funded organized attempt I wouldn't rule that possibility out



posted on Jul, 13 2018 @ 03:49 PM
a reply to: toysforadults

Or they could have used the Awan brothers who were IT staff for 40 democrats with full access to the system.

I still believe the Awans are ISI assets.

I think Seth Rich was the leak of the DNC info. I also think he might have discovered what the Awans were doing and was silenced to prevent the info from coming out.



posted on Jul, 13 2018 @ 03:50 PM
a reply to: Wardaddy454

Christ, I can do that in 2 min by running my proxy through Russia, then trash talk from there, like a basement dwelling fat kid from 4chan.


edit on 7 by Mandroid7 because: Sp



posted on Jul, 13 2018 @ 03:50 PM
According to Rosenstein...



There is no allegation in the indictment that any American was a knowing participant in the alleged unlawful activity or knew they were communicating with Russian intelligence officers. There is no allegation in the indictment that the charged conduct altered the vote count or changed the outcome of the 2016 election.


16 pages in folks. 16 pages. Russians were indicted for hacking. It happens all the time but had NOTHING to do with Trump. NO collusion and no vote hacking.




posted on Jul, 13 2018 @ 03:51 PM

originally posted by: theantediluvian
a reply to: network dude

Your handle is literally "network dude" so I assume you've got access to a network. Let's assume gigabit ethernet with normal-low utilization and two run-of-the-mill Windows desktops with 5400 rpm drives. That seems like a safe bet for approximating the DCCC office's network.

Fire up robocopy, xcopy or whatever you favor and do a large batch copy. I'll bet you'll get a sustained transfer rate of about 20-25 MB/s.

And like I said earlier, I get ~20 MB/s regularly between VPSes in Houston, TX and Windsor, Ontario (at different ISPs).

The idea that the only thing that could explain an apparent 22 MB/s transfer speed, assuming the gap in the mod times results from a batch file copy, is copying to a thumb drive, is rather silly. And even if the files were at some point copied to a thumb drive, that could have been done basically anywhere. They could have been put on a thumb drive by the hackers and handed off to a different department for them to deploy.

And what would explain the multiple independent lines of publicly available evidence for the spearphishing campaign? I've posted stuff from Dell SecureWorks, FireEye, etc with the data from passive DNS monitoring, the timestamped (link tracking not allowed) shortened URL data pulled from their API, etc that all strongly and independently evidence the spearphishing campaign. We also know 100% that Podesta's Gmail account was phished. We also know that the FBI had detected an attack against the DNC and tried (somewhat half-heartedly imo) to get them to move on it. I haven't seen any reporting about it but I assume they stumbled on it from something like passive DNS monitoring.

And that's without getting into the logs that the FBI would have obtained from involved ISPs, anything coming directly from the DNC/DCCC networks and whatever scary # the NSA is snooping with. I'm just talking about the publicly available information.

It's ridiculous to believe that the DNC/DCCC wasn't hacked. It's literally known what shortened URL Podesta clicked on, when it was created, when he received the email, when he clicked on the link, what the link translated to, where that host was located and who else was targeted in the same campaign.

It's ridiculous to assert that there was no hacking. So the thumb drive meme is pretty lame on its face. Attribution is something else altogether but even then, publicly available analysis of the targets, the infrastructure and the MO all point to the Russians.

It was pretty conclusive that either the Russians did it or somebody trying hard to look like the Russians and going after targets that would most fit the Kremlin's interests.


Internet upload speed. When you get your new 100mb internet, it's usually displayed like this 100/50. The 50 is your upload speed. Symmetrical vs. asymmetrical. Now I don't know what the speed at the DNC was at the time, and perhaps they had some amazing fiber link that wasn't available to the rest of the country at the time, but it does matter and unless they had the holy grail of ISPs, they likely had what the rest of us could get.

I don't know a lot about a lot, but this, I know, and if you really want to get into it, I can explain it to you. But before you go telling me my business, get your facts straight.

Now, if you are interested in the truth, and not just your political nose up the left side of someone's ass, you can dig into that aspect of things. It's the key to knowing if the hack was possible or not. If you are just the partisan hack I assume you to be, ignore that, and go tell everyone how much you know about internet upload transfer speeds.



posted on Jul, 13 2018 @ 03:53 PM
a reply to: Xcathdra

Totally agree

It would make no sense for Russian hackers to be sitting in the Kremlin using their own IPs on their computers without using several proxies or relocating to a different country



posted on Jul, 13 2018 @ 03:56 PM
a reply to: network dude

But, but ....

It's pretty damn obvious it was Seth Rich and I thank him for exposing the pedophilia and other sick # happening with these scumbags
edit on 13-7-2018 by toysforadults because: (no reason given)



