
FBI never looked at the server REDUX


posted on Aug, 30 2018 @ 02:09 PM
a reply to: verschickter


From the latest data written over every single bit but not the data that is in between the tracks. You should have read the thread before you jumped in.


Yea, yea, yea!


On the topic of recovering overwritten data:

This is a bit outside of my area of expertise but I know enough to know that most claims about the ability to recover overwritten data from magnetic media are drastically overblown.

Basically, you've got this magnetic media with a surface layer of countless itsy bitsy ferromagnetic grains in which are created magnetic domains when data is written. When data is overwritten, the head zips over the disk and creates new domains. However, it never creates them in *exactly* the same place as before.

So what you end up with are weaker residual domains from previous writes in the spaces between.

I assume the best way to read these remnants of previous writes would be to use a specialized, more sensitive head that would be aligned with an ever so minuscule offset so that it's tracking over the fringes. I suppose you'd use some sort of algorithm in an attempt to discern a pattern in order to associate the bits represented by these weak residual domains to one another. Maybe some combination of spacing and strength?

That's all great and it sounds super in theory but how well does it work in the real world? You're gonna end up with a bunch of bits that might be part of the same writes in a sector and of course files of any significant size are going to span multiple sectors and sectors will have been utilized unevenly.

And worse, this is going to be shared storage for who knows how many different VMs, in who knows what sort of array spanning who knows how many drives.

An analogy here would be like taking puzzle pieces from thousands of puzzles, dumping them on the floor and hosing them down until all the edges get mushy, randomly throwing away a bunch of pieces and then trying to piece what's left back together to make individual puzzles and then hoping any resulting puzzle (which will be full of holes) is something of interest.

The upshot is this:

This is a wholly absurd argument. If the FBI had gotten the physical drives, the chances that they would have attempted any such recovery are pretty much zero.
edit on 2018-8-30 by theantediluvian because: (no reason given)




posted on Aug, 30 2018 @ 02:16 PM
"forensic" image = you get all bits that are read out by the controller and they are physically on the plate although "deleted" in the sense of, the filesystem has deallocated those bits. This means that the controller will ignore / be unable to read the finer details (= earlier writes on the same track and place)

true data recovery on magnetic discs = you dismount the discs in an overpressurized clean air cabin and mount them on special precision hardware.

Then you read out the "tracks inside a single track" that were made by the less precise original hardware.

The controller on your normal HDD knows that it's not precise and it will give you the average. That average is precise for the last write because it influences the previous writes. The last write is better to discern and small variations are ignored.
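
The difference described in the post above between a file-level copy and a bit-for-bit "forensic" image, as an added example that is not part of the original thread. `ToyVolume`, its 16-byte blocks, the file names and the file contents are all constructed for illustration; the model covers only what a normal controller read returns, not anything residual between tracks.

```python
import hashlib

BLOCK = 16  # bytes per block in this toy volume (constructed value)

class ToyVolume:
    """Hypothetical block device with a minimal file table, for illustration only."""

    def __init__(self, nblocks):
        self.raw = bytearray(nblocks * BLOCK)  # bytes a normal read returns
        self.table = {}                        # name -> (first_block, byte_length)
        self.free = set(range(nblocks))

    def write_file(self, name, data):
        need = -(-len(data) // BLOCK)          # ceiling division
        # First fit: lowest run of `need` contiguous free blocks.
        start = next(b for b in sorted(self.free)
                     if all(b + i in self.free for i in range(need)))
        self.raw[start * BLOCK:start * BLOCK + len(data)] = data
        self.free -= set(range(start, start + need))
        self.table[name] = (start, len(data))

    def delete_file(self, name):
        # Deallocation only: the table entry goes, the bytes stay in place.
        start, length = self.table.pop(name)
        self.free |= set(range(start, start + -(-length // BLOCK)))

def logical_copy(vol):
    """File-level copy: only what the filesystem still lists."""
    return {n: bytes(vol.raw[s * BLOCK:s * BLOCK + l])
            for n, (s, l) in vol.table.items()}

def forensic_image(vol):
    """Bit-for-bit copy of every block, allocated or not, plus its SHA-256."""
    image = bytes(vol.raw)
    return image, hashlib.sha256(image).hexdigest()

def demo():
    vol = ToyVolume(8)
    secret = b"constructed sample: draft memo v1"      # 33 bytes, 3 blocks
    vol.write_file("memo.txt", secret)
    vol.write_file("log.txt", b"constructed sample: access log")
    vol.delete_file("memo.txt")

    files = logical_copy(vol)
    image, digest = forensic_image(vol)
    result = {
        "in_logical_copy": any(secret in d for d in files.values()),
        "in_image": secret in image,
        "image_matches_source": digest == hashlib.sha256(bytes(vol.raw)).hexdigest(),
    }
    # A later write reuses the freed blocks; a normal read now returns only new data.
    vol.write_file("new.txt", b"X" * len(secret))
    image2, digest2 = forensic_image(vol)
    result["in_image_after_overwrite"] = secret in image2
    result["hash_changed"] = digest2 != digest
    return result

if __name__ == "__main__":
    print(demo())
```

The matching hash is what lets an examiner show the image is identical to what the controller returned at acquisition time; the changed hash after the later write shows why the image is tied to that point in time.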



posted on Aug, 30 2018 @ 02:25 PM
a reply to: theantediluvian




An analogy here would be like taking puzzle pieces from thousands of puzzles, dumping them on the floor and hosing them down until all the edges get mushy, randomly throwing away a bunch of pieces and then trying to piece what's left back together to make individual puzzles and then hoping any resulting puzzle (which will be full of holes) is something of interest.


Correct. Very correct if you don't know what is possible currently with the correct software.

You can research this: I did a pattern recognition in a zoomable(!) gigapan (!) picture from Mars to find a 256x256 pixel rock and I did it on a comparably slow connection (50 Mbits) for that task in like under 10 minutes pure processing time.

In 2015 on a standard 4x4GHz, 8MB cache, 16GB DDR-3 1666MHz machine.

Correct math, algorithms and metadata from previous pattern searches did the trick. Believe it or not, I just linked this lately.

Again, a zoomable gigapan picture. I tell you that with some magic (=advanced (false)AI) I did it without using more than 3 iterations on the zoom dimension.

Not to impress you, just to show you it isn't that far reached and btw, it's really done that way if you know what kind of data was on it.

There's a ton of other stuff you need to do (some of it I wrote about vaguely) in tandem but it works, has been done.

Edit: Star for being civil and actually knowing stuff.

edit on 30-8-2018 by verschickter because: (no reason given)



posted on Aug, 30 2018 @ 02:30 PM
a reply to: theantediluvian



This is a wholly absurd argument. If the FBI had gotten the physical drives, the chances that they would have attempted any such recovery are pretty much zero.


Lol, I have to laugh at this... that is the main reason the physical drives are acquired.
Here is a video of a popular tech YouTuber visiting a private data recovery company, if you want to learn something.

edit on 8/30/2018 by efabian because: (no reason given)



posted on Aug, 30 2018 @ 02:33 PM
Too late for edit:

It wasn't even a full sized dataset (=whole image). I had to process the TCP stream that is coming from the server after the scrolling event that spawned the server to restream the data.

So it wasn't like shoving a picture and calculating matches, it was criss-cross comparison with custom calculated angles (and their rounding errors) and shapes.

Those shapes were figured out by the (false)AI on the fly so to speak.

Last post Grambler, I apologize if I somehow derailed your thread.
And I mistyped your username the second time now (years ago I did it too by accident).

It just saved as "gambler" forever in my memory banks. I apologize sincerely.



posted on Aug, 30 2018 @ 02:35 PM
a reply to: efabian

Yeah, that's basically the reason why data recovery is possible, to do the stuff I wrote.



posted on Aug, 30 2018 @ 02:43 PM
a reply to: verschickter
Yeah, you seem to be very well versed in this technical area. A welcome change from the typical "experts".
Impressive stuff.
edit on 8/30/2018 by efabian because: (no reason given)



posted on Aug, 30 2018 @ 02:50 PM

originally posted by: Grambler
a reply to: whargoul

So you admit that it "maybe" should have been the FBI to copy the server, but it was ok for CrowdStrike because they had contracts for the FBI.

But as I understand it CrowdStrike had been paid by the DNC to work security for them for a while, so in a sense it was servers they were in charge of defending that were attacked.

So allowing them to "work the crime scene" on behalf of the FBI would be like having a cop whose wife was killed work the crime scene there.

This should never happen because they are too close to the case and have biases.

In addition, we know the DNC had incentive to blame Russia. We know that CrowdStrike had blamed Russia in other hacks and were wrong.

And again, this gives the appearance of bias or negligence by the FBI, and they knew that it would. And yet for convenience's sake, they decided that the public's trust in them was worth sacrificing some to not spend a little more time and effort.

Funny, they don't seem to be concerned about time and effort when it comes to going after Trump.

-more below-


No, the DNC probably had a contract with CrowdStrike, not the FBI. I'm not even going to go down the road of who should have or who shouldn't, I'm not trying to have that argument.

The only thing I am saying is that the process is tried and tested, working off an image is better than working off the actual media (because the image was captured at a specific point of time hopefully as close to the actual event as possible).

I'm not saying trust the FBI, I'm not saying trust the DNC, and I'm not saying trust Trump.



posted on Aug, 30 2018 @ 02:58 PM
a reply to: Grambler

All memory is volatile. If it took your guys 10 days to find the breach, and another 10 to fix it, you need new guys.

Look, this other "expert" isn't 100% wrong about data recovery, but that's not how incident response works, and his process costs an arm and a leg. Like literal arm and leg. We are not talking about data recovery though, we are talking about a computer breach.

My agenda is just to educate on computer forensics. You know, Deny Ignorance.



posted on Aug, 30 2018 @ 02:59 PM
a reply to: efabian
If I would be more fluent in English and had nothing better to do, I would call out some AI experts here on their google-knowledge because if there is something that pisses me off...it's when someone acts like a know-it-all but is full of #.


I do not claim to know it all, I learn everyday.
edit on 30-8-2018 by verschickter because: (no reason given)



posted on Aug, 30 2018 @ 03:02 PM
a reply to: whargoul

Then you should have clarified that you understand the difference way before we got into our little argument.

Btw, I never claimed to be an expert on that topic.

edit on 30-8-2018 by verschickter because: (no reason given)



posted on Aug, 30 2018 @ 03:11 PM
a reply to: whargoul

Hey, I welcome your posts.

Although I admit some of your and the others' tech talk is a bit over my head.

My contention on this thread isn't that copies don't suffice.

It's that the copy should be done by law enforcement, not by a firm paid for by the DNC.



posted on Aug, 30 2018 @ 03:16 PM
That's the elephant in the room...

Why isn't there any media outrage? Aren't people wondering about that? Or is it drowning in the everyday business?

Similar to when you can travel into Germany without any passport. Everybody knows it's wrong, it's against the law but most of the politicians just ignore that..

Isn't there any law or rule that says acquiring evidence is the job of the investigating bureau without using private entities??



posted on Aug, 30 2018 @ 03:19 PM
a reply to: theantediluvian


Desperately clinging to this "but the servers!" talking point in an effort to continue believing that CrowdStrike fabricated everything is wanton willful ignorance.


Then why would the FBI themselves state explicitly

" The FBI repeatedly stressed to DNC officials the necessity of obtaining direct access to servers and data, only to be rebuffed until well after the initial compromise had been mitigated." and “We’d always prefer to have access hands-on ourselves if that’s possible”?



posted on Aug, 30 2018 @ 04:49 PM
a reply to: Grambler


Thank you for your input as always.

However, I must say that this post mostly seems unresponsive to anything in the OP.


I just wanted to preface any other comments with an explanation of why this isn't something to get hung up on in the first place.


The same here. Just because Russia was doing this stuff in 2015 doesn't mean they were the source for the hack of the WikiLeaks dump.


That's one of the things I listed and it demonstrates that there was evidence of the Russian op independent of and predating by months, CrowdStrike's involvement.

The rest of the items in the list all provide evidence within a timeframe of basically March-July of 2016.



posted on Aug, 30 2018 @ 05:00 PM
a reply to: verschickter

Alright, I'm not real tech savvy, but what I picture of what you're speaking would be like a player piano that reads from image of the notes on an actuator. You're saying there could be more imprints on that log that won't show up without the precision of the actuator and proper contrast? You talk about a better head that can decipher the image with the erases, that begs that question could a lesser head be purposely used?



posted on Aug, 30 2018 @ 05:33 PM
a reply to: NiNjABackflip

The DNC didn't give the FBI direct access. The FBI claims that they stressed to the DNC that they wanted direct access. The former DNC leadership claims otherwise.

Let's believe Comey and the FBI here (in this thread only, in every other thread we must assume they are the deep state anti-Trump liars who would stop at nothing to hurt Trump) and stipulate that the FBI did in fact ask for direct access and were rebuffed.

None of us have any idea why the DNC made that decision so we're left guessing. Now there are a number of reasons why they might not have wanted to do that. You clearly find it suspicious so I would assume that you think that there is a sinister motivation. Of all the potential reasons, there are a number of unsavory possibilities.

So what *actual* evidence is there that *the reason* the DNC didn't give the FBI direct access is that CrowdStrike faked evidence?

Do you see the circular reasoning here?

It's suspicious that the DNC didn't give access to the FBI.
One possible reason could be that CrowdStrike fabricated forensic evidence.
The DNC didn't give access to the FBI therefore the most likely explanation is that CrowdStrike fabricated forensic evidence.


So we have no actual evidence that CrowdStrike faked anything. On the other hand, we have mountains of evidence that the DNC was hacked coming from a variety of sources, much of it beyond the capability of CrowdStrike to fabricate. Furthermore, significantly, the evidence not only doesn't conflict with what CrowdStrike provided, it corroborates it.

How is it therefore reasonable to disregard all the evidence to the contrary to embrace an alternative theory (being generous) that is supported on suspicion and illogical conclusion?



posted on Aug, 30 2018 @ 05:46 PM

originally posted by: verschickter
a reply to: whargoul


verschickter:
Imagine you write stuff on a sheet of paper with removable ink on a typewriter. The paper is your harddrive. Now let's say you wrote 5 pages on that single sheet of paper. Each time you reset the paper you wrote on to the top, you erase all the written ink letters so you have a "clean" sheet of paper. Now you copy the sheet of paper with a scanner/copy machine and send it away. Your original paper will still hold the imprints from all the other times you wrote. The copy will not.


What CrowdStrike did was SCAN THE PAPER and that's BY FAR not what's really recoverable on the disk. The FBI should have got the original, not a cheap photocopy. Try to understand that.





So they found the information they needed without doing data recovery but you are arguing they should have taken the server from the victim in order to do a data recovery that wasn't needed?



posted on Aug, 30 2018 @ 07:28 PM
a reply to: theantediluvian


All of that ignores the issue.

You have no answer to why the DNC wouldn't let them have access to the server, and why the FBI didn't insist upon it.

The only answer you have given is perhaps the DNC wanted to hide something else.

This shows that the copy that the DNC authorized CrowdStrike to send could not have been a complete replica of everything on the DNC server.

Here is a scenario.

I get hacked. The FBI is going to help me and wants to look at my server.

I have a naked photo of myself on my server, and don't want the FBI to see it.

How is hiring a firm to make an exact 100% replica of that server and giving them that going to help my situation at all? Seeing as how it is an exact copy, the FBI would still see the nude photo of me.

The only way a copy would solve my dilemma is if it WASN'T an exact copy, and didn't include the nude photo of me.


So if your reason for why the DNC didn't want the FBI to see their server is because they were hiding something else, this proves the copy wasn't identical to the server.

Your argument is "doesn't matter. Other evidence proves it was Russia"


But two points that I will elaborate on in upcoming posts.

1. That evidence isn't as definitive as you suggest. Much of it is based on info gathered from CrowdStrike, which wouldn't solve the dilemma here because it may not have been an exact copy of the server, and much is based on prior Russian attempts, which doesn't prove they did this hack.

I will leave this here for now, but I don't want you to think I am ignoring it and will respond later.

2. Even if you are right that this was Russia, there are problems if the FBI didn't get a 100% replica of the server from CrowdStrike.


The point is that without being able to show any negative whatsoever for the FBI looking at the physical server, all people have to do is show that there was any amount of benefit to looking at the server, however small, to prove that the FBI do not act in the best possible way.

In other words, they acquiesced to the DNC over using all the tools available to them to solve this crime for the American people.

Proving that solving Russian interference was not the top priority of the FBI.


edit on 30-8-2018 by Grambler because: (no reason given)



posted on Aug, 30 2018 @ 07:46 PM
a reply to: theantediluvian

Now point 2. from above first.

Here we are assuming it was Russia that hacked the DNC.

There are still reasons that the FBI not being allowed to look at the server is bad.

1. The FBI and IG have both admitted that given the political nature of this case, it is important to look unbiased and thorough.

The FBI had to know that by acquiescing to the DNC and not looking at their server, and instead only using a copy provided by a company they paid for, people would have the perception that this was biased or not as thorough as it possibly could have been.

Why risk this if there is no downside to looking at the physical server?

2. Even though we know (in this scenario) that it was Russians, we don't know the exact Russians it was. For example, people claim this was personally ordered by Putin, but I have seen no evidence. By getting any more evidence from the server, even a shred, it may have helped specify exactly which Russians, further allowing the guilty to be identified and punished if at all possible.

Why risk this if there is no downside to looking at the physical server?


3. The same can be said of learning the exact methods of the hack. The more evidence gathered, the more defense could be built by learning the exact methods, codes, signatures etc. that were used and how to defend and recognize them in the future.


Why risk this if there is no downside to looking at the physical server?

If the FBI knew there was a chance of any of these three (or any possible benefit, no matter how small), and there was absolutely no downside whatsoever to looking at the DNC server, and still they didn't do it;

That proves the FBI did not have solving Russian interference as their top priority, and they were willing to appease the DNC above that.

This is why your stance of "We know it was Russians from other evidence, so there is no need to question why the FBI didn't look at the DNC server" is not a good one to have.


