Thread: (Alleged) Russia/Trump Scandal
-
Re: (Alleged) Russia/Trump Scandal
There are two "groups" that I (and many in the cybersecurity/infosec industry) believe are the best. The USA and the Russians. I don't think it should be a surprise at all that the top antivirus software companies are based out of the US and Russia - McAfee and Kaspersky, respectively. In fact, Eugene Kaspersky has direct ties to the Russian FSB, which is essentially a modernized arm of the former KGB.
I know that the Russians successfully compromised multiple DNC network assets because of the malware used to establish persistence on the DNC network (Advanced Persistent Threat, APT).
Here is a good blog by Crowdstrike that details APT28 (aka Sofacy, aka FancyBear), which is the Russian group that compromised the DNC.
https://www.crowdstrike.com/blog/who-is-fancy-bear/
The way that we track espionage groups is through their tools that they use for their operations. For example, XAgent (as described in the blog) is a tool that has only been used by APT 28. Another good example would be Turla, which is a malware tool used by another Russian group that conducts similar activity to APT 28. Both XAgent and Turla are highly sophisticated malware families and are not found on the open internet - this is often what differentiates tools used by espionage/APT threat actors and tools used by cybercriminal threat actors. Chinese APT threat actors have their own tools that they exclusively use as well.
In any cyber attack, you have to consider a lot of different items: Attack Vector (email-based such as phishing, spearphishing, web-based such as SQL injection), the malware used (commodity vs customized), and the exfiltration point (i.e., identifying where the stolen data is going - domain, IP address). The thing with attack vectors is that there are only so many ways to get into a desired network/system and attacks that leverage network scanners with web-based/server-side attacks such as Brute Force and SQL Injection are really "loud" in the sense that most intrusion detection appliances (firewalls) are going to identify those attacks, log them, and then defend against them. Spearphishing, as I'm sure you know, is a lot more subtle and depending on how good the attackers are, it would completely bypass any mail filters or mail server security mechanisms. In many cases, really sophisticated threat actors that use spearphishing for nation state/APT attacks are planning these things out well in advance and researching their targets for long periods of time. Spearphishing is very hard to defend against because one can never account for human error. If you were to get a convincing email from your boss or colleague asking you to open up something, most people don't think twice about it.
Tools used by cybercriminals (banking Trojans such as Panda Banker, Zeus, Citadel, Vawtrak, Pony, etc.) are available on Darknet forums and marketplaces. When people think about the Darknet, they commonly think of Tor browser (The Onion Router) and Silk Road. Now, Silk Road was taken down by law enforcement a few years ago and it was primarily used for selling drugs, weapons, human trafficking...a lot of nasty shit. However, there are dozens of other marketplaces just like Silk Road that still exist on the Darknet - and this is where you can go to buy malware tools like banking trojans, exploit kits, stolen credit card information, and so on.
Attribution is incredibly difficult and though there are ways to identify an attacker pretty effectively, they violate a lot of US cyber laws (and international cyber laws). So, the best way (right now) for those of us in the cyber industry to identify and track specific activity, is by using forensic analysis on the actual malware samples pulled off of infected networks and then trying to proactively create early warning mechanisms and better detection mechanisms either through writing Snort signatures (how antivirus detections work) or through YARA signatures, which is more "rules" based - i.e. "if a file with XYZ appears, quarantine it".
So, I say all of that to say that I think the CIA is capable (as is the NSA) of performing those types of actions and disguising it as Russian or Chinese activity. However, I think it is far more likely that the attacks against the DNC were committed by Russia.
Think about it, who would be more friendly to the CIA - Hillary? Or Trump? Hillary has so many damn skeletons in her closet, the CIA would have no trouble leveraging those things against her to make sure they were able to maintain their own objectives. Trump may have a lot of skeletons in his closet, but he sure as shit doesn't seem to care about them and he's totally unpredictable.
Last edited by wickedsolo; 03-31-2017 at 11:33 AM.
Disclaimer: The content posted is of my own opinion.
-
Re: (Alleged) Russia/Trump Scandal
Of course they're going to say that. Both parties have skin in the game to ensure that the "democratic way" is impenetrable.
As of right now, no one can definitively say one way or the other that the DNC leaks did - or did not - impact the outcome of the election.
Now, I fully endorse the idea that the ultimate culprit for Hillary losing the election is because she's a gigantic turd and ran a horrible election. However, I am not willing to say that the DNS leaks didn't impact voters...especially those that may have been on the fence or were perhaps Bernie Sanders supporters.
Disclaimer: The content posted is of my own opinion.
-
Re: (Alleged) Russia/Trump Scandal
That loud noise was all the hacking info flying right over my head.
Thanks Wicked
-
-
03-31-2017, 12:17 PM #17
-
03-31-2017, 03:18 PM #19
Re: (Alleged) Russia/Trump Scandal
"A moron, a rapist, and a Pittsburgh Steeler walk into a bar. He sits down and says, “Hi I’m Ben may I have a drink please?”
ProFootballMock
-
03-31-2017, 04:09 PM #20
Re: (Alleged) Russia/Trump Scandal
When two different houses of Congress and members of both parties therein agree on something, it's a solid bet they're telling the truth.
Washington leaks like a sieve. There's no "that's what they're going to say" type conspiracy.
And I don't get your comment that both sides want to give the appearance that the "democratic way is impenetrable". Both sides are admitting they were penetrated. Penetrated hard in fact. If there was evidence, even in the slightest, that the Russian fake news crap actually affected the outcome, Dems on that committee would be screaming from the rooftops. That's simply not happening.
-
04-01-2017, 07:38 PM #21
-
04-03-2017, 11:47 AM #22
Re: (Alleged) Russia/Trump Scandal
OR 6). Russia is simply looking to undermine the credibility of US elections and simply did all they could to make them look corrupt.
OR 7) Russia (the state) didn't really hack the DNC and the info was leaked by a DNC insider. All of which were recently fired.
-
-
04-03-2017, 03:28 PM #24
Re: (Alleged) Russia/Trump Scandal
My thing is after six months of digging by democrats, there is still no evidence that Trump colluded with the Russians. Did the Russians at least try to interfere with the election process? Yeah, same way we've been doing all over the world for how long now? Didn't Obama try to influence the Brexit vote?
The thing that has me worried is that the democrats were using intelligence (I never thought I'd use that phrase) to spy on Trump's team BEFORE the election. It continued after he won.
"A moron, a rapist, and a Pittsburgh Steeler walk into a bar. He sits down and says, “Hi I’m Ben may I have a drink please?”
ProFootballMock