Thursday, July 19, 2018

"The Russians did it" -- speculation or fact ?

BACKGROUND:
Who did Russia want
as the US president 
in 2016?

I think the answer is obvious
-- another Democrat, 
who was like Obama:
(1) 
Obama looked 
the other way as Russia
grabbed Crimea, and 
eastern Ukraine, 
(2)
Obama drew a red line 
in the sand in Syria, 
and then backed down 
to let Russia rescue Assad, and
(3)
Obama sent $1.5 billion 
to Russian ally Iran 
for an empty promise
to stop their
nuclear program.

The claim that Russia
wanted Trump, a tough guy
who wanted a lot more
US military spending,
to be the next US president,
makes no sense to me.

Of course after the 
surprise election result,
Putin claims that he 
had favored Trump, 
knowing that claim
will anger a lot of Americans
and hurt Trump's reputation.

In fact, if you look at the Trump
relationship with Russia
after the election, it's 
very obvious he has been
tough on Russia -- challenging
them in Syria, sending heavy
arms to the Ukraine, and 
killing and wounding
several hundred Russian
mercenary troops fighting
for Assad in Syria.


SUMMARY:
Twelve Russian spies 
have been indicted
for hacking the
Democrat National 
Committee (DNC),
and other interference
with the 2016 US election
(which did not involve 
any Americans).

Russian interference,
that we know of,
consisted of the lame
Russian internet trolls
with their Facebook ads,
and the usual spying
and hacking that
has gone on 
for many decades.

The Russian meddling
was incompetent,
having no effect
on election results.

I wondered why 
this indictment
did not come 
one year ago.

Perhaps Robert Mueller
needed another year
to gather evidence
that could convict 
the Russian defendants
in court ?

The timing is suspicious!

My guess is that Mueller
wanted to embarrass Trump
just before his summit
with Putin?

So far, real evidence,
assuming it exists,
has not been revealed
to the American public,
and I suspect 
it does not exist.

I have several big issues 
with the indictment:

-- It is a 'show indictment'
because everyone knows
there will not be a trial
making this a smarmy
prosecution
(because most people
assume indicted
people are guilty,
instead of assuming
they are innocent.)

Indictments are also
too easy to get
(an indictment 
only means that
a grand jury thinks
there is a case
 -- it is said that
a good prosecutor
could indict 
a ham sandwich!)


Here are 
my two issues:

(1)
No evidence 
has been presented,
so we have no idea
if any of the claims 
could ever be 
proven in court.

No evidence 
will ever be presented,
because there will be 
no trials.

We just have to 
trust Mr. Mueller, 
and his team 
of 13 angry Democrats
 -- and I don't trust them !



(2)
Are Russian government spies 
such unsophisticated hackers
that they left an electronic trail 
back to themselves?

No way ! 
They are most likely 
among the best hackers,
in Russia, easily able 
to leave a false trail 
to another country
(our CIA can do that too).

There was no reason 
to leave a trail back to Russia, 
unless they wanted us to know,
which doesn't make any sense.

Did Russia's GRU
(Russian military intelligence)
and FSB 
(Russian Federal Security Service,
that replaced the KGB)
try to spy on Americans
by hacking computers,
and have they had 
some successful hacks ?

Of course they did !

That's what spies do !

I'm very confident
they've been doing that
since Al Gore invented
the internet !

Did the specific Russians 
named in the indictment
successfully hack the DNC,
and get valuable blackmail material
for use AFTER Hillary was elected,
which everyone expected?

Assuming the Russians 
did get DNC eMails,
which is possible,
why wouldn't they save them
for after the election,
to blackmail President Hillary?

Would they just give 
their blackmail material
away to WikiLeaks 
BEFORE the election?

That would make no sense.

I doubt if we will ever
know the truth about how
WikiLeaks got the eMails.




Here are the reasons
I doubt that the specific 
Russians indicted 
were the source of
WikiLeaks' DNC eMails: 
(a)
WikiLeaks says
the DNC eMails
came from a DNC employee.

Should we trust WikiLeaks?

Well. when compared 
with the dishonest Clintons,
and the DNC, I trust WikiLeaks 
a lot more.

WikiLeaks has an excellent reputation
for never publishing fake information,
which is not easy to do,
and never revealing their sources.

WikiLeaks claimed 
they got the eMails
from a DNC insider
who was unhappy 
about how Bernie Sanders 
was treated -- the information
allegedly came to WikiLeaks
on a flash drive.

Some people thought the leaker
was Seth Rich, a DNC employee
later murdered on the streets
of Washington, DC, at night,
with none of his valuables taken.

Julian Assange of WikiLeaks
fueled that theory by offering
a $10,000 reward for information
leading to Rich's killer(s). 

But, since WikiLeaks has never 
revealed its sources,
I don't believe they
would mention Seth Rich's name 
if he was really their source.

We'll never know the truth.



(b)
The DNC never allowed
the Obama FBI and CIA, 
headed by people who 
strongly preferred Hillary,
to examine their computers 
and servers, and verify that
"the Russians did it".

All reports and data given 
by the FBI and CIA had been
filtered through CrowdStrike, 
who was hired by the DNC,
and that is very suspicious. 



(c)
CrowdStrike's main 
claim to fame 
is "hacking attribution" 
-- they'll tell clients who did it,
but that alleged skill is a fraud.


They just tell their clients
what they want to hear,
rather than the truth,
which is "we don't know",
in a way that can never
be verified.

When a big data loss 
is announced, 
victims want to know 
who did it.

Honest cyber-security experts 
rarely know because they
almost never catch 
the hacking while it is
in progress.

CrowdStrike 
falsely claims 
they can identify 
the hacker, 
and then they blame
the governments of 
China, Russia, Iran
or North Korea,
knowing those four nations
will never confirm or deny
the CrowdStrike claim, 
and will never cooperate 
in any investigation ! 

CrowdStrike attribution claims 
can never be verified, 
or falsified -- they are a fraud.




(d)
After just one day of 
DNC forensic analysis,
CrowdStrike declared
"Russia did it".

According to CrowdStrike,
within 10 seconds 
its software “found” 
the DNC culprit !

But, in reality, attribution of 
computer network intrusions 
to specific actors
is universally accepted 
as a VERY difficult problem. 

Reasons:
-- Malware components 
are often the same, or similar,
because hackers 
will sell code to each other, 
and frequently open source it. 

-- Hackers can use 
an intermediate computer, 
anywhere else in the world,
to divert attention 
from their own computer. 

Intrusions usually start 
after hackers obtain 
some insider’s password 
or trick a user 
into installing malware 
on his computer 
inside of a network. 




DETAILS:
CrowdStrike was called by the DNC
after a suspected a breach 
in its network, in early May 2016. 

CrowdStrike announced 
there were two breaches 
by “two separate Russian 
intelligence-affiliated 
adversaries” 
-- Fancy Bear (APT28), and
-- Cozy Bear (APT29). 

CrowdStrike suggested 
Fancy Bear belongs to GRU 
(Russian military intelligence)
and Cozy Bear belongs to FSB 
(Russian Federal Security Service,
that replaced the KGB). 



The mainstream media 
claims that the “DNC hack” 
has been confirmed by multiple 
private security companies, 
and also by the US 
"Intelligence Community 
Assessment (ICA)" 
published January 6, 2017.  

But all these "confirmations" 
are based on the same data, 
from the same source: 
CrowdStrike. 

The actual reports, 
from IT companies 
other than CrowdStrike,
included limitations, 
qualifications, conditions, 
and/or limited confidence in
he 'Russia did it' conclusion. 

Obama’s initial request 
for the ICA report 
was highly biased too
-- he demanded
an “intelligence report 
assessing RUSSIAN 
activities and intentions 
in recent U.S. elections.” 

There is too much evidence 
that CrowdStrike's attribution 
to Russia for the DNC eMails
that were given to WikiLeaks,
contradicting WikiLeak's claim,
was a wild guess, and a fraud 
that could never be proven
in court.

CrowdStrike gave the DNC and 
Hillary Clinton what they wanted
to hear, because they used
the "Russia did it" claim to 
tell the public that Putin 
wanted Trump to win --  
something that can only hurt
a candidate for US president.




2016    CrowdStrike  /
           DNC  Timeline:
Apr 29, 2016 – 425 eMails are leaked. 
                         DNC notice suspicious activity.


Apr 30+ – Leaks continue at high level.


May 4 – DNC calls in CrowdStrike.

May 5 – CrowdStrike installs software.

May 6 – CrowdStrike identifies “Russia” as hacker.


May, 3rd week – Leaks continue, 
                            up to ~1500/day.


May 26 and later – No leaks


Jun 10-12 – CrowdStrike “cleanses” 
                      the DNC system.


Jun 14 – DNC announces the hack, 
                  and blames Russia.


Jun 15 – “Opposition research” document 
                     released by “Guccifer 2.0”.


Jun 18-Jul 14 – Guccifer 2.0 
                           releases more documents.


Jul 24 – Hillary starts to malign Russia.


Aug 25 – Hillary makes very aggressive 
                    anti-Russia speech.


Aug 30 – Harry Reid accuses Putin 
                  of attempting to rig 
                      the US election.


Oct 7 – Obama publicly accuses Russia 
                    of cyber attacks on US election systems, 
                       and the democracy itself, 
                       ... but does nothing to stop them.



CrowdStrike's  Strange  History
of Hacking  Attribution  Fraud,
and Connections to Mueller:

In 2011, Dmitri Alperovitch, 
a former McAfee VP,
falsely claimed that 
advanced malware families 
are unique to hacker groups, 
and that the hacker groups 
can be identified 
by the kind of malware used.  

Alperovitch also
falsely claimed 
he could identify
a foreign government 
behind most intrusions. 

Alperovitch met a person 
who fell for his trick: 
Shawn Henry. 

Henry was the
executive assistant director
to Robert Mueller, 
who appointed him in 2010. 


In March 2012, Shawn Henry retired 
from the FBI to join Alperovitch 
and George Kurtz in CrowdStrike. 

Shawn Henry is currently president
of CrowdStrike Services & its CSO.

From its beginning in 2012, 
CrowdStrike has used a
fraudulent attribution methodology 
to attract publicity, and customers.

Alperovitch falsely pointed a finger
at the governments of China, Russia, 
Iran, or North Korea. 

CrowdStrike clients like 
their attribution claims: 
Being hacked by the China  
or Russia government 
sounds a lot better than 
being hacked by some teenager 
in his basement.

When CrowdStrike 
encountered 
a new type of malware, 
the first thing it did 
was a national attribution, 
reflected in their name 
for the hacker group.

Alleged Russian groups 
were given a name 
ending with Bear. 

Steven Chabinsky, 
a Deputy Assistant Director 
of the FBI Cyber Division 
under Robert Mueller, 
was hired by CrowdStrike 
in September 2012.  

He became CrowdStrike’s 
general counsel, 
and chief risk officer. 


By its own admission, 
CrowdStrike watched over 
the activities of two teams 
of alleged Russian hackers 
from May 6 until early June. 

Just watching them
doesn’t make sense. 

The DNC’s IT department 
should have shut down 
their Internet connection, 
then changed all passwords, 
and sanitized all computers.  

There were 14,409 eMails 
in the WikiLeaks archive 
with dates AFTER
CrowdStrike’s installation 
of its security software. 

That means more eMails 
were hacked AFTER 
CrowdStrike’s discovery 
on May 6, than BEFORE. 

In CrowdStrike’s 
original announcement 
that “Russia” hacked the DNC, 
Dmitri Alperovitch said, 
on the one hand, that the 
“tradecraft” of the hackers 
was “superb” 
and their “operational security 
was second to none” 
... but if that was true, 
how was CrowdStrike
immediately able 
to attribute Russia ?


The CrowdStrike company, 
and similar “solutions peddlers”, 
usually build their case on a chain 
of very weak assumptions. 

Malware is frequently 
attributed to Russia 
because Russian words 
or Cyrillic fonts are found in it, 
or in earlier versions of it. 

But Russian is the mother language 
for many people living in Ukraine, Belarus, 
Kazakhstan, Estonia, Latvia, and Lithuania, 
and tens of millions of emigrants 
all over the world, including in the U.S.