Page 2 of 3 FirstFirst 123 LastLast
Results 13 to 24 of 27
  1. #13
    Join Date
    Feb 2009
    Location
    Frederick, MD
    Posts
    44,117
    Blog Entries
    4

    Re: (Alleged) Russia/Trump Scandal



    Quote Originally Posted by NCRAVEN View Post
    1. I'm going to make a prediction. This topic will not go away Trumps whole Presidency, however long that may be. And that will happen because we'll never get definitive answers, just a lot of speculation. Cause as Wicked says, there's a lot of smoke just not fire.

    2. Question for you Wicked (trying to educate myself). I remember in an earlier thread you mentioned to Dade that the Russians were better at hacking than the Chinese, cause the Chinese didn't care if you knew it was them and the Russians will make it look like it was someone else ( I believe you used a burglar analogy).

    When you take that in to account, and I just saw this story WikiLeaks release shows how the CIA uses computer code to hide the origins of its hacking attacks and 'disguise them as Russian or Chinese activity' - how is it you say you know the Russians did hack the servers?
    There are two "groups" that I (and many in the cybersecurity/infosec industry) believe are the best. The USA and the Russians. I don't think it should be a surprise at all that the top antivirus software companies are based out of the US and Russia - McAfee and Kaspersky, respectively. In fact, Eugene Kaspersky has direct ties to the Russian FSB, which is essentially a modernized arm of the former KGB.

    I know that the Russian's successfully compromised multiple DNC network assets because of the malware used to establish persistence on the DNC network (Advanced Persistent Threat, APT).

    Here is a good blog by Crowdstrike that details APT28 (aka Sofacy, aka FancyBear), which is the Russian group that compromised the DNC.

    https://www.crowdstrike.com/blog/who-is-fancy-bear/

    The way that we track espionage groups is through their tools that they use for their operations. For example, XAgent (as described in the blog) is a tool that has only been used by APT 28. Another good example would be Turla, which is a malware tool used by another Russian group that conducts similar activity to APT 28. Both XAgent and Turla are highly sophisticated malware families and are not found on the open internet - this is often what differentiates tools used by espionage/APT threat actors and tools used by cybercriminal threat actors. Chinese APT threat actors have their own tools that they exclusively use as well.

    In any cyber attack, you have to consider a lot of different items: Attack Vector (email-based such as phishing, spearphishing, web-based such as SQL injection), the malware used (commodity vs customized), and the exfiltration point (i.e., identifying where the stolen data is going - domain, IP address). The thing with attack vectors is that there are only so many ways to get into a desired network/system and attacks that leverage network scanners with web-based/server-side attacks such as Brute Force and SQL Injection are really "loud" in the sense that most intrusion detection appliances (firewalls) are going to identify those attacks, log them, and then defend against them. Spearphishing, as I'm sure you know, is a lot more subtle and depending on how good the attackers are, it would completely bypass any mail filters or mail server security mechanisms. In many cases, really sophisticated threat actors that use spearphishing for nation state/APT attacks are planning these things out well in advance and researching their targets for long periods of time. Spearphishing is very hard to defend against because one can never account for human error. If you were to get a convincing email from your boss or colleague asking you to open up something, most people don't think twice about it.

    Tools used by cybercriminals (banking Trojans such as Panda Banker, Zeus, Citadel, Vawtrak, Pony, etc) are available on Darknet forums and marketplaces. When people think about the Darknet, they commonly think of Tor browser (The Onion Router) and Silkk Road. Now, Silkk Road was taken down by law enforcement a few years ago and it was primarily used for selling drugs, weapons, human trafficking...a lot of nasty shit. However, there are dozens of other marketplaces just like Silkk Road that still exist on the Darknet - and this is where you can go to buy malware tools like banking trojans, exploit kits, stolen credit card information, and so on.

    Attribution is incredibly difficult and though there are ways to identify an attacker pretty effectively, they violate a lot of US cyber laws (and international cyber laws). So, the best way (right now) for those of us in the cyber industry to identify and track specific activity, is by using forensic analysis on the actual malware samples pulled off of infected networks and then trying to pro-actively create early warning mechanisms and better detection mechanisms either through writing Snort signatures (how antivirus detections work) or through YARA signatures, which is more "rules" based - i.e. "if a file with XYZ appear, quarantine it".

    So, I say all of that to say that I think the CIA is capable (as is the NSA) of performing those types of actions and disguising it as Russian or Chinese activity. However, I think it is far more likely that the attacks against the DNC were committed by Russia.

    Think about it, who would be more friendly to the CIA - Hillary? Or Trump? Hillary has so many damn skeletons in her closet, the CIA would have no trouble leveraging those things against her to make sure they were able to maintain their own objectives. Trump may have a lot of skeletons in his closet, but he sure as shit doesn't seem to care about them and he's totally unpredictable.
    Last edited by wickedsolo; 03-31-2017 at 11:33 AM.
    Disclaimer: The content posted is of my own opinion.

    RIP #25





  2. #14
    Join Date
    Feb 2009
    Location
    Frederick, MD
    Posts
    44,117
    Blog Entries
    4

    Re: (Alleged) Russia/Trump Scandal

    Quote Originally Posted by HoustonRaven View Post
    Members of both parties who occupy their respective Intel committees in Congress all seem to agree on two things: that Russia meddled in the election but that the meddling didn't affect the outcome.

    Unless there's stark evidence to the contrary, I don't see how any of us can claim that their efforts did indeed affect the outcome of the election.

    That said, they do need to investigate that and the Trump's camp contacts with Russian officials.

    Comey seems to be up to the task and the House Intel committee seems motivated as well.

    I will reserve judgement until their duties are done.
    Of course they're going to say that. Both parties have skin in the game to ensure that the "democratic way" is impenetrable.

    As of right now, no one can definitively say one way or the other that the DNC leaks did - or did not - impact the outcome of the election.

    Now, I fully endorse the idea that the ultimate culprit for Hillary losing the election is because she's a gigantic turd and ran a horrible election. However, I am not willing to say that the DNS leaks didn't impact voters...especially those that may have been on the fence or were perhaps Bernie Sanders supporters.
    Disclaimer: The content posted is of my own opinion.

    RIP #25





  3. #15
    Join Date
    Sep 2009
    Location
    Clayton,NC
    Posts
    9,276

    Re: (Alleged) Russia/Trump Scandal

    That loud noise was all the hacking info flying right over my head.

    Thanks Wicked
    We are all born ignorant, but one must work hard to remain stupid. - Benjamin Franklin





  4. #16
    Join Date
    Feb 2009
    Location
    Frederick, MD
    Posts
    44,117
    Blog Entries
    4

    Re: (Alleged) Russia/Trump Scandal

    Quote Originally Posted by NCRAVEN View Post
    That loud noise was all the hacking info flying right over my head.

    Thanks Wicked
    Anytime! lol.
    Disclaimer: The content posted is of my own opinion.

    RIP #25





  5. #17

    Re: (Alleged) Russia/Trump Scandal

    Quote Originally Posted by wickedsolo View Post
    There are two "groups" that I (and many in the cybersecurity/infosec industry) believe are the best. The USA and the Russians. I don't think it should be a surprise at all that the top antivirus software companies are based out of the US and Russia - McAfee and Kaspersky, respectively. In fact, Eugene Kaspersky has direct ties to the Russian FSB, which is essentially a modernized arm of the former KGB.

    I know that the Russian's successfully compromised multiple DNC network assets because of the malware used to establish persistence on the DNC network (Advanced Persistent Threat, APT).

    Here is a good blog by Crowdstrike that details APT28 (aka Sofacy, aka FancyBear), which is the Russian group that compromised the DNC.

    https://www.crowdstrike.com/blog/who-is-fancy-bear/

    The way that we track espionage groups is through their tools that they use for their operations. For example, XAgent (as described in the blog) is a tool that has only been used by APT 28. Another good example would be Turla, which is a malware tool used by another Russian group that conducts similar activity to APT 28. Both XAgent and Turla are highly sophisticated malware families and are not found on the open internet - this is often what differentiates tools used by espionage/APT threat actors and tools used by cybercriminal threat actors. Chinese APT threat actors have their own tools that they exclusively use as well.

    In any cyber attack, you have to consider a lot of different items: Attack Vector (email-based such as phishing, spearphishing, web-based such as SQL injection), the malware used (commodity vs customized), and the exfiltration point (i.e., identifying where the stolen data is going - domain, IP address). The thing with attack vectors is that there are only so many ways to get into a desired network/system and attacks that leverage network scanners with web-based/server-side attacks such as Brute Force and SQL Injection are really "loud" in the sense that most intrusion detection appliances (firewalls) are going to identify those attacks, log them, and then defend against them. Spearphishing, as I'm sure you know, is a lot more subtle and depending on how good the attackers are, it would completely bypass any mail filters or mail server security mechanisms. In many cases, really sophisticated threat actors that use spearphishing for nation state/APT attacks are planning these things out well in advance and researching their targets for long periods of time. Spearphishing is very hard to defend against because one can never account for human error. If you were to get a convincing email from your boss or colleague asking you to open up something, most people don't think twice about it.

    Tools used by cybercriminals (banking Trojans such as Panda Banker, Zeus, Citadel, Vawtrak, Pony, etc) are available on Darknet forums and marketplaces. When people think about the Darknet, they commonly think of Tor browser (The Onion Router) and Silkk Road. Now, Silkk Road was taken down by law enforcement a few years ago and it was primarily used for selling drugs, weapons, human trafficking...a lot of nasty shit. However, there are dozens of other marketplaces just like Silkk Road that still exist on the Darknet - and this is where you can go to buy malware tools like banking trojans, exploit kits, stolen credit card information, and so on.

    Attribution is incredibly difficult and though there are ways to identify an attacker pretty effectively, they violate a lot of US cyber laws (and international cyber laws). So, the best way (right now) for those of us in the cyber industry to identify and track specific activity, is by using forensic analysis on the actual malware samples pulled off of infected networks and then trying to pro-actively create early warning mechanisms and better detection mechanisms either through writing Snort signatures (how antivirus detections work) or through YARA signatures, which is more "rules" based - i.e. "if a file with XYZ appear, quarantine it".

    So, I say all of that to say that I think the CIA is capable (as is the NSA) of performing those types of actions and disguising it as Russian or Chinese activity. However, I think it is far more likely that the attacks against the DNC were committed by Russia.

    Think about it, who would be more friendly to the CIA - Hillary? Or Trump? Hillary has so many damn skeletons in her closet, the CIA would have no trouble leveraging those things against her to make sure they were able to maintain their own objectives. Trump may have a lot of skeletons in his closet, but he sure as shit doesn't seem to care about them and he's totally unpredictable.
    No heuristics + ml fun?!

    Sent from my XT1254 using Tapatalk





  6. #18
    Join Date
    Feb 2009
    Location
    Frederick, MD
    Posts
    44,117
    Blog Entries
    4

    Re: (Alleged) Russia/Trump Scandal

    Quote Originally Posted by Ortizer View Post
    No heuristics + ml fun?!

    Sent from my XT1254 using Tapatalk
    Heuristics-based IDS's are great post-infection. :)


    The life of infosec...always playing from behind.
    Disclaimer: The content posted is of my own opinion.

    RIP #25





  7. #19

    Re: (Alleged) Russia/Trump Scandal

    Quote Originally Posted by wickedsolo View Post
    The question that many, including myself, have is why leak just the DNC stuff? I came to a couple of conclusions...
    1) The stuff they got from the RNC was bland and not scandalous at all (un-fucking-likely).
    2) They weren't able to get into the RNC (don't make me laugh...).
    3) They valued a Trump Presidency more than a Hillary Presidency (Interesting theory and geo-politically, that could make sense).
    4) They did find some pretty damaging info on RNC systems and are holding it as leverage for down the road (Also interesting and not out of the realm of possibilities).
    Or 5) Putin hates Hillary and so decided to screw her over for shits and giggles. Given Putin's actions in the past, not an unreasonable assumption.
    "A moron, a rapist, and a Pittsburgh Steeler walk into a bar. He sits down and says, Hi Im Ben may I have a drink please?
    ProFootballMock





  8. #20
    Join Date
    Aug 2007
    Location
    Houston, TX Y'all
    Posts
    34,414

    Re: (Alleged) Russia/Trump Scandal

    Quote Originally Posted by wickedsolo View Post
    Of course they're going to say that. Both parties have skin in the game to ensure that the "democratic way" is impenetrable.

    As of right now, no one can definitively say one way or the other that the DNC leaks did - or did not - impact the outcome of the election.

    Now, I fully endorse the idea that the ultimate culprit for Hillary losing the election is because she's a gigantic turd and ran a horrible election. However, I am not willing to say that the DNS leaks didn't impact voters...especially those that may have been on the fence or were perhaps Bernie Sanders supporters.
    When two different houses of Congress and member of both parties therein agree on something, it's a solid bet they're telling the truth.

    Washington leaks like a sieve. There's no "that's what they're going to say" type conspiracy.

    And I don't get your comment that both sides want to give the appearance that the "democratic way is impenetrable". Both sides are admitting they were penetrated. Penetrated hard in fact. If there was evidence, even in the slightest, that the Russian fake news crap actually affected the outcome, Dems on that committee would be screaming from the roof tops. That's simply not happening.





  9. #21
    Join Date
    Oct 2007
    Location
    Albuquerque
    Posts
    12,388

    Re: (Alleged) Russia/Trump Scandal

    Quote Originally Posted by wickedsolo View Post
    There are two "groups" that I (and many in the cybersecurity/infosec industry) believe are the best. The USA and the Russians. I don't think it should be a surprise at all that the top antivirus software companies are based out of the US and Russia - McAfee and Kaspersky, respectively. In fact, Eugene Kaspersky has direct ties to the Russian FSB, which is essentially a modernized arm of the former KGB.

    I know that the Russian's successfully compromised multiple DNC network assets because of the malware used to establish persistence on the DNC network (Advanced Persistent Threat, APT).

    Here is a good blog by Crowdstrike that details APT28 (aka Sofacy, aka FancyBear), which is the Russian group that compromised the DNC.

    https://www.crowdstrike.com/blog/who-is-fancy-bear/

    The way that we track espionage groups is through their tools that they use for their operations. For example, XAgent (as described in the blog) is a tool that has only been used by APT 28. Another good example would be Turla, which is a malware tool used by another Russian group that conducts similar activity to APT 28. Both XAgent and Turla are highly sophisticated malware families and are not found on the open internet - this is often what differentiates tools used by espionage/APT threat actors and tools used by cybercriminal threat actors. Chinese APT threat actors have their own tools that they exclusively use as well.

    In any cyber attack, you have to consider a lot of different items: Attack Vector (email-based such as phishing, spearphishing, web-based such as SQL injection), the malware used (commodity vs customized), and the exfiltration point (i.e., identifying where the stolen data is going - domain, IP address). The thing with attack vectors is that there are only so many ways to get into a desired network/system and attacks that leverage network scanners with web-based/server-side attacks such as Brute Force and SQL Injection are really "loud" in the sense that most intrusion detection appliances (firewalls) are going to identify those attacks, log them, and then defend against them. Spearphishing, as I'm sure you know, is a lot more subtle and depending on how good the attackers are, it would completely bypass any mail filters or mail server security mechanisms. In many cases, really sophisticated threat actors that use spearphishing for nation state/APT attacks are planning these things out well in advance and researching their targets for long periods of time. Spearphishing is very hard to defend against because one can never account for human error. If you were to get a convincing email from your boss or colleague asking you to open up something, most people don't think twice about it.

    Tools used by cybercriminals (banking Trojans such as Panda Banker, Zeus, Citadel, Vawtrak, Pony, etc) are available on Darknet forums and marketplaces. When people think about the Darknet, they commonly think of Tor browser (The Onion Router) and Silkk Road. Now, Silkk Road was taken down by law enforcement a few years ago and it was primarily used for selling drugs, weapons, human trafficking...a lot of nasty shit. However, there are dozens of other marketplaces just like Silkk Road that still exist on the Darknet - and this is where you can go to buy malware tools like banking trojans, exploit kits, stolen credit card information, and so on.

    Attribution is incredibly difficult and though there are ways to identify an attacker pretty effectively, they violate a lot of US cyber laws (and international cyber laws). So, the best way (right now) for those of us in the cyber industry to identify and track specific activity, is by using forensic analysis on the actual malware samples pulled off of infected networks and then trying to pro-actively create early warning mechanisms and better detection mechanisms either through writing Snort signatures (how antivirus detections work) or through YARA signatures, which is more "rules" based - i.e. "if a file with XYZ appear, quarantine it".

    So, I say all of that to say that I think the CIA is capable (as is the NSA) of performing those types of actions and disguising it as Russian or Chinese activity. However, I think it is far more likely that the attacks against the DNC were committed by Russia.

    Think about it, who would be more friendly to the CIA - Hillary? Or Trump? Hillary has so many damn skeletons in her closet, the CIA would have no trouble leveraging those things against her to make sure they were able to maintain their own objectives. Trump may have a lot of skeletons in his closet, but he sure as shit doesn't seem to care about them and he's totally unpredictable.
    Great post!
    Follow me on Twitter:@DadeRSR

    Master of 'Gifs for dummies'

    "The world called for wetwork, and we answered. No greater good. No just cause." - Kazuhira Miller





  10. #22

    Re: (Alleged) Russia/Trump Scandal

    Quote Originally Posted by wickedsolo View Post


    The question that many, including myself, have is why leak just the DNC stuff? I came to a couple of conclusions...
    1) The stuff they got from the RNC was bland and not scandalous at all (un-fucking-likely).
    2) They weren't able to get into the RNC (don't make me laugh...).
    3) They valued a Trump Presidency more than a Hillary Presidency (Interesting theory and geo-politically, that could make sense).
    4) They did find some pretty damaging info on RNC systems and are holding it as leverage for down the road (Also interesting and not out of the realm of possibilities).
    Quote Originally Posted by darb72 View Post
    Or 5) Putin hates Hillary and so decided to screw her over for shits and giggles. Given Putin's actions in the past, not an unreasonable assumption.
    OR 6). Russia is simply looking to undermine the credibility of US elections and simply did all they could to make them look corrupt.

    OR 7) Russia (the state) didn't really hack the DNC and the info was leaked by a DNC insider. All of which were recently fired.





  11. #23
    Join Date
    Feb 2009
    Location
    Frederick, MD
    Posts
    44,117
    Blog Entries
    4

    Re: (Alleged) Russia/Trump Scandal

    Quote Originally Posted by blah3 View Post
    OR 6). Russia is simply looking to undermine the credibility of US elections and simply did all they could to make them look corrupt.

    OR 7) Russia (the state) didn't really hack the DNC and the info was leaked by a DNC insider. All of which were recently fired.
    Man, 7 would be...wow. I don't even know. That would be something else.


    Sent from my iPhone using Tapatalk
    Disclaimer: The content posted is of my own opinion.

    RIP #25





  12. #24

    Re: (Alleged) Russia/Trump Scandal

    My thing is after six months of digging by democrats, there is still no evidence that Trump colluded with the Russians. Did the Russians at least try to interfere with the election process? Yeah, same way we've been doing all over the world for how long now? Didn't Obama try to influence the Brexit vote?

    The thing that has me worried is that the democrats were using intelligence (I never thought I'd use that phrase) to spy on Trump's team BEFORE the election. It continued after he won.
    "A moron, a rapist, and a Pittsburgh Steeler walk into a bar. He sits down and says, Hi Im Ben may I have a drink please?
    ProFootballMock





Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Russell Street Report Website Design by D3Corp Ocean City Maryland