what we probably KNOW is that, one month before the DNC emails were hacked from their email server, hackers used a known malware to move DNC documents from a different server to an Illinois computer, which Mueller says was controlled by GRU.
Replying to @ClimateAudit @15poundstogo and
2/ a different operation than DNC email exfiltration in late May - AFTER Crowdstrike was in control. Perhaps, maybe even probably by same actors, but that has to be shown. BTW did you know that Illinois servers are commonly used by GRU for its most sensitive operations?/sarc
2 replies 0 retweets 9 likes -
Replying to @ClimateAudit @15poundstogo and
No call for sarcasm on that one. Common practice in criminal/spook world is to hide by going through a chain of hacked servers, which can be anywhere in the world. Do forensics on one, and all you get is the location of the next in the chain.
1 reply 0 retweets 1 like -
Replying to @NYarvin @15poundstogo and
and yet the basis for attribution of hack to GRU/APT28 is that they made multiple boneheaded lapses in operational security, in which they failed to use proxy servers and inadvertently added "Russian" fingerprints to metadata
1 reply 0 retweets 3 likes -
Replying to @ClimateAudit @15poundstogo and
I don't trust those "fingerprints" any more than you do, but organizations getting some things right and screwing up others is not unknown.
2 replies 0 retweets 0 likes -
Replying to @NYarvin @15poundstogo and
in this case is it plausible that some of the "fingerprints" are screw-ups? If I discovered that a document had been (for no observable purpose) opened and re-saved by a user named "J. Edgar Hoover", I would not jump to conclusion that it was FBI opsec error. Would you?
1 reply 1 retweet 4 likes -
Replying to @ClimateAudit @15poundstogo and
Nah, that's a pretty weird screwup, and it could be anyone in the world playing a joke. The "this outfit uses a distinctive set of implants" sort of evidence is much better, though still unreliable since all those implants are widely distributed (simply by being used).
2 replies 0 retweets 1 like -
Replying to @NYarvin @15poundstogo and
and yet we were assured by leading lights of the info security business that the J. Edgar Hoover signature was an opsec failure and a smoking gun
1 reply 0 retweets 3 likes -
Replying to @ClimateAudit @15poundstogo and
I don't think there was any such claim from anybody I regard as a leading light of infosec. (Say, Ross Anderson, Bruce Schneier, Tavis Ormandy, or Wladimir Palant...)
3 replies 0 retweets 0 likes -
Replying to @NYarvin @15poundstogo and
some time, I'll go back and see how this claim arose and was featured.
1 reply 0 retweets 0 likes
No quarrel with the idea that the people presented by the press as leading lights of infosec in this case are the same people presented as such in other contexts. It's just that I have different standards.