2/ a different operation than DNC email exfiltration in late May - AFTER CrowdStrike was in control. Perhaps, maybe even probably by same actors, but that has to be shown. BTW did you know that Illinois servers are commonly used by GRU for its most sensitive operations? /sarc
Replying to @ClimateAudit @15poundstogo and
No call for sarcasm on that one. Common practice in criminal/spook world is to hide by going through a chain of hacked servers, which can be anywhere in the world. Do forensics on one, and all you get is the location of the next in the chain.
1 reply 0 retweets 1 like -
Replying to @NYarvin @15poundstogo and
and yet the basis for attribution of hack to GRU/APT28 is that they made multiple boneheaded lapses in operational security, in which they failed to use proxy servers and inadvertently added "Russian" fingerprints to metadata
1 reply 0 retweets 3 likes -
Replying to @ClimateAudit @15poundstogo and
I don't trust those "fingerprints" any more than you do, but organizations getting some things right and screwing up others is not unknown.
2 replies 0 retweets 0 likes -
Replying to @NYarvin @15poundstogo and
in this case is it plausible that some of the "fingerprints" are screw-ups? If I discovered that a document had been (for no observable purpose) opened and re-saved by a user named "J. Edgar Hoover", I would not jump to conclusion that it was FBI opsec error. Would you?
1 reply 1 retweet 4 likes -
Replying to @ClimateAudit @15poundstogo and
Nah, that's a pretty weird screwup, and it could be anyone in the world playing a joke. The "this outfit uses a distinctive set of implants" sort of evidence is much better, though still unreliable since all those implants are widely distributed (simply by being used).
2 replies 0 retweets 1 like -
Replying to @NYarvin @15poundstogo and
and yet we were assured by leading lights of the info security business that the J. Edgar Hoover signature was an opsec failure and a smoking gun
1 reply 0 retweets 3 likes -
Replying to @ClimateAudit @15poundstogo and
I don't think there was any such claim from anybody I regard as a leading light of infosec. (Say, Ross Anderson, Bruce Schneier, Tavis Ormandy, or Wladimir Palant...)
3 replies 0 retweets 0 likes -
Replying to @NYarvin @15poundstogo and
in Sept 2017, I wrote a blog article in which I collected references from prominent articles to the "J Edgar Hoover" argument: https://climateaudit.org/2017/09/23/guccifer-2-and-russian-metadata/ … pic.twitter.com/mmL4StgcSM
1 reply 0 retweets 2 likes -
Replying to @ClimateAudit @NYarvin and
the originator appears to have been Matt Tait, who testified to House Intel Committee. His original thread is archived http://archive.is/uyBTQ and was extensively quoted. He appears to have later deleted it.
1 reply 0 retweets 2 likes
Also at that time a contributor to Lawfare: https://www.lawfareblog.com/contributors/mtait …
Replying to @NYarvin @ClimateAudit and
Before this he worked at Project Zero with Tavis Ormandy (from your list)
1 reply 3 retweets 2 likes -
Replying to @bleidl @ClimateAudit and
Definitely a serious player in the field. "Leading light" is something different, though. Not that I have any objections to noticing metadata like this and calling attention to it; it can be a clue, even though it's very poor evidence to rest other conclusions on.
1 reply 0 retweets 0 likes - 4 more replies