Politics

Ars Technica security editor: WH fails to make case that Russian hackers tampered with election

Obama electoral college senate RussiaOn Thursday, the FBI and the Department of Homeland Security released a joint report detailing how federal investigators linked the Russians to alleged hacks of Democratic Party organizations.  But, Ars Technica Security Editor Dan Goodin said, the White House failed to make their case that Russian hackers actually tampered with the election.

“Talk about disappointments,” Goodin wrote. “The US government’s much-anticipated analysis of Russian-sponsored hacking operations provides almost none of the promised evidence linking them to breaches that the Obama administration claims were orchestrated in an attempt to interfere with the 2016 presidential election.”

He added:

The 13-page report, which was jointly published Thursday by the Department of Homeland Security and the FBI, billed itself as an indictment of sorts that would finally lay out the intelligence community’s case that Russian government operatives carried out hacks on the Democratic National Committee, the Democratic Congressional Campaign Committee, and Clinton Campaign Chief John Podesta and leaked much of the resulting material. While security companies in the private sector have said for months the hacking campaign was the work of people working for the Russian government, anonymous people tied to the leaks have claimed they are lone wolves. Many independent security experts said there was little way to know the true origins of the attacks.

Will this presidential election be the most important in American history?

Sadly, the JAR, as the Joint Analysis Report is called, does little to end the debate. Instead of providing smoking guns that the Russian government was behind specific hacks, it largely restates previous private-sector claims without providing any support for their validity. Even worse, it provides an effective bait and switch by promising newly declassified intelligence into Russian hackers’ “tradecraft and techniques” and instead delivering generic methods carried out by just about all state-sponsored hacking groups.

“This ultimately seems like a very rushed report put together by multiple teams working different data sets and motivations,” Robert M. Lee, CEO and Founder of the security company Dragos, wrote in a critique published Friday. “It is my opinion and speculation that there were some really good government analysts and operators contributing to this data and then report reviews, leadership approval processes, and sanitation processes stripped out most of the value and left behind a very confusing report trying to cover too much while saying too little.”

He further noted:

Security consultant Jeffrey Carr also cast doubt on claims that attacks that hit the Democratic National Committee could only have originated from Russian-sponsored hackers because they relied on the same malware that also breached Germany’s Bundestag and French TV network TV5Monde. Proponents of this theory, including the CrowdStrike researchers who analyzed the Democratic National Committee’s hacked network, argue that the pattern strongly implicates Russia because no other actor would have the combined motivation and resources to hack the same targets. But as Carr pointed out, the full source code for the X-Agent implant that has long been associated with APT28 was independently obtained by researchers from antivirus provider Eset.

“If ESET could do it, so can others,” Carr wrote. “It is both foolish and baseless to claim, as CrowdStrike does, that X-Agent is used solely by the Russian government when the source code is there for anyone to find and use at will.”

The Hill reported:

But security experts say that the document provides little in the way of forensic “proof” to confirm the government’s attribution. Private security firms — like CrowdStrike, who investigated the DNC breach — went much further, they say.

“The DHS statement is a restatement of already known public information, a series of technical indicators that are intended for use by cybersecurity professionals in finding and remediating APT28 malware on private sector networks, and some generic advice for companies as to how to improve their network security,” said Matt Tait, founder of the U.K.-based security consultancy Capital Alpha Security.

APT28 refers to one of the hacking groups affiliated with Russian intelligence believed to have infiltrated the DNC.

The U.S. report, known as a “Joint Analysis Report” or JAR, refers to the Russian hacking campaign as “Grizzly Steppe.”

Here’s the full report:

“The doubts raised by Lee, Graham, and Carr underscore the difficulty members of the US intelligence community face when taking findings out of the highly secretive channels they normally populate and putting them into the public domain,” Goodin said. “Indeed, the Joint Analysis Report makes no mention of the Democratic party or even the Democratic National Committee. The lack of specifics and vagueness about exactly how the DHS and FBI have determined Russian involvement in the hacks leaves the report sounding more like innuendo than a carefully crafted indictment.”

In plain English, there doesn’t appear to be any direct evidence to back up Obama’s claim nor does there appear to be any evidence to suggest that Russia tried to “hack” the election.

Keep in mind it wasn’t that long ago that the regime admitted Russia did not “hack” the election.

Related:

If you haven’t checked out and liked our Facebook page, please go here and do so.

And if you’re as concerned about Facebook censorship as we are, go here and order this new book:

Banned: How Facebook enables militant Islamic jihad
Banned: How Facebook enables militant Islamic jihad – Source: Author (used with permission)

Joe Newby

A 10-year veteran of the U.S. Marine Corps, Joe ran for a city council position in Riverside, Calif., in 1991 and managed successful campaigns for the Idaho state legislature. Co-author of "Banned: How Facebook enables militant Islamic jihad," Joe wrote for Examiner.com from 2010 until it closed in 2016 and his work has been published at Newsbusters, Spokane Faith and Values and other sites. He now runs the Conservative Firing Line.

Related Articles

Our Privacy Policy has been updated to support the latest regulations.Click to learn more.×