a reply to: network dude
Your handle is literally "network dude" so I assume you've got access to a network. Let's assume gigabit ethernet with normal-low utilization and two
run-of-the-mill Windows desktops with 5400 rpm drives. That seems like a safe bet for approximating the DCCC office's network.
Fire up robocopy, xcopy or whatever you favor and do a large batch copy. I'll bet you'll get a sustained transfer rate of about 20-25 MB/s.
And like I said earlier, I get ~20 MB/s regularly between VPSes in Houston, TX and Windsor, Ontario (at different ISPs).
The idea that the only thing that could explain an apparent 22 MB/s transfer speed, assuming the gap in the mod times results from a batch file copy,
is copying to a thumb drive, is rather silly. And even if the files were at some point copied to a thumb drive, that could have been done basically
anywhere. They could have been put on a thumb drive by the hackers and handed off to a different department for them to deploy.
And what would explain the multiple independent lines of publicly available evidence for the spearphishing campaign? I've posted stuff from Dell
SecureWorks, FireEye, etc. with the data from passive DNS monitoring, the timestamped (link tracking not allowed) shortened URL data pulled from their API, etc. that all
strongly and independently evidence the spearphishing campaign. We also know 100% that Podesta's Gmail account was phished. We also know that the FBI
had detected an attack against the DNC and tried (somewhat half-heartedly imo) to get them to move on it. I haven't seen any reporting about it but I
assume they stumbled on it from something like passive DNS monitoring.
And that's without getting into the logs that the FBI would have obtained from involved ISPs, anything coming directly from the DNC/DCCC networks and
whatever scary # the NSA is snooping with. I'm just talking about the publicly available information.
It's ridiculous to believe that the DNC/DCCC wasn't hacked. It's literally known what shortened URL Podesta clicked on, when it was created, when he
received the email, when he clicked on the link, what the link translated to, where that host was located and who else was targeted in the same
It's ridiculous to assert that there was no hacking. So the thumb drive meme is pretty lame on its face. Attribution is something else altogether but
even then, publicly available analysis of the targets, the infrastructure and the MO all point to the Russians.
It was pretty conclusive that either the Russians did it or somebody trying hard to look like the Russians and going after targets that would most fit
the Kremlin's interests.