After the U.S. government published a report on Russia’s cyber attacks against the U.S. election system, and included a list of computers that were allegedly used by Russian hackers, I became curious if any of these hackers had visited my personal blog. The U.S. report, which boasted of including “technical details regarding the tools and infrastructure used by Russian civilian and military intelligence services,” came with a list of 876 suspicious IP addresses used by the hackers, and these addresses were the clues I needed to, in the end, understand a gaping weakness in the report.
An IP address is a set of numbers that identifies a computer, or a network of computers, on the internet. Each time someone loads my website, it logs their IP address. So I searched my web server logs for the suspicious IP addresses, and I was shocked to discover over 80,000 web requests from IPs used by the Russian hackers in the last 14 months! Digging further, I found that some of these Russian hackers had even posted comments (mostly innocuous technical questions)! Even today, several days after publication of the report (which used a codename for the Russian attack, Grizzly Steppe), I’m still finding these suspicious IP addresses in my logs — although I would expect the Russians to stop using them after the U.S. government exposed them.
What is happening? Are elite Russian hackers regular readers of my blog? Am I under cyber attack?
I found out, after some digging, that of the 876 suspicious IP addresses that the Department of Homeland Security and the Department of National Intelligence put on the Russian cyber attacker list, at least 367 of them (roughly 42%) are either Tor exit nodes right now, or were Tor exit nodes in the last few years. I have a lot of regular readers who are Tor users, and I’m pretty sure they’re not all Russian hackers. So the quick answer to the mystery of my website apparently being attacked by nefarious IP addresses listed in the U.S. report is that the Russians, along with many thousands of others, just happened to use the Tor IP addresses that my regular readers used (and still use).
Tor is a decentralized network of servers, called nodes, that help people bypass internet censorship, evade internet surveillance, and access websites anonymously. Today, there are over 7000 nodes in the Tor network (about 1000 of those are “exit nodes”), distributed geographically around the world, and run by volunteers (I run a few myself). Tor Browser is a web browser, like Chrome or Firefox, but all of its internet traffic goes over the Tor network. If you type in the URL https://www.fbi.gov in your normal web browser, the IP address of your current internet connection will end up in the FBI’s web server logs. But if you type that URL into Tor Browser, an encrypted copy of your web request will bounce around the world through multiple Tor nodes before finally exiting the Tor network, and the IP address of a Tor exit node will end up in the FBI’s logs, rather than the network you’re currently connected to.
Since nearly half of the IP addresses in the Grizzly Steppe report are actually just Tor exit nodes, this means that anyone in the world — not just Russian hackers — can use the internet from those IP addresses. In fact, if you open Tor Browser and visit a website right now, there’s a pretty decent chance that you’ll be using the internet from one of those suspicious IP addresses.
It’s plausible that Russian hackers use Tor to hide their real IP addresses when they do attacks, and this is likely why these IP addresses ended up in the Grizzly Steppe report. But finding these IPs in your web server logs (like I did for my website) does not mean that the Russians are attacking you. Tor has over 1.5 million daily users around the world — about a third of a million of them are in the United States. If you see a Tor IP address in your logs, you know that a Tor user visited your website, and that’s it.
In other words, if you’re a network administrator and you discover one of the suspicious IP addresses used by Russian hackers on your network, it likely doesn’t mean anything at all. It certainly isn’t proof that the same elite Russian hackers who compromised the Democratic National Committee and John Podesta’s email are also targeting your company. (For example, Russian hackers did not penetrate the U.S. electricity grid through a utility company in Vermont, even though a company laptop made a connection to an IP address in the Grizzly Steppe report.)
But before I figured all of this out, I really wanted to know what the Russians were (apparently) doing on my blog. After digging, I discovered this in my logs:
93.115.95.202 - - [09/Mar/2016:16:19:07 -0500] "GET /files/tmp/fingerprints.txt.asc HTTP/1.1" 200 13141 "-" "PycURL/7.21.5 libcurl/7.47.0 GnuTLS/3.4.9 zlib/1.2.8 libidn/1.32 libssh2/1.5.0 nghttp2/1.8.0 librtmp/2.3"
The first part of this log is an IP address, “93.115.95.202,” followed by the date that the request was made, March 9, 2016, followed by the URL that was being requested, in this case https://micahflee.com/files/tmp/fingerprints.txt.asc, and finally followed by a complicated user agent string that isn’t important right now. I knew exactly what that web request was because I’m the one who made it, using Tor. I put that file, “fingerprints.txt.asc,” on my web server, to help me test out a piece of software I was developing. No one else could have made that web request, because no one else knew that temporary URL.
It turns out, when I downloaded that file from my own website while using Tor, I came from the IP address “93.115.95.202.” But, according to the Grizzly Steppe report, if I find this IP address in my logs, that’s evidence that I’m a target for Russian cyber attacks. Does this mean that I’m an elite Russian hacker and I just didn’t realize it?
I set out to figure out exactly how many of the suspicious IP addresses listed in the Grizzly Steppe report actually just belong to Tor exit nodes. All Tor nodes that make up the Tor network are completely public. You can visit this page to see a list of the current Tor exit node IP addresses. But since the Tor network is run by volunteers, the list of nodes constantly changes — people running old nodes decide to shut them down, and other people start up new nodes. So I used the Internet Archive’s Wayback Machine to download each historical list of Tor exit nodes available, beginning in September 2014.
I found a total of 7,854 IPs that were, in recent years, Tor exit nodes, and I compared it to the list of 876 IPs that were published with the Grizzly Steppe report. I found 367 IP addresses in common — in other words, at least 367 of the suspicious IP addresses are, or were, Tor exit nodes. And after this story was posted, I was alerted to an even better data set, assembled by the Tor Project’s CollecTor, that showed more Tor nodes: it turns out that 426 of the IP addresses in the Grizzly Steppe report are historical Tor nodes, so it’s actually 49% rather than 42%.
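The comparison described above, written out as an added example; this is not the author's code. It goes one step further than the article by also checking whether an address was a listed exit node close to the date of each logged request. The function names, the one-IP-per-line snapshot layout, the 30-day window and every address except 93.115.95.202 are assumptions made for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample inputs. Only 93.115.95.202 and its log line come from the
# article; the other addresses are RFC 5737 documentation addresses.
INDICATORS = "93.115.95.202\n198.51.100.7\n203.0.113.50\nnot-an-ip\n"

# Assumed snapshot layout: capture date -> archived exit list, one IP per line.
EXIT_SNAPSHOTS = {
    "2015-01-10": "# archived copy\n203.0.113.50\n",
    "2016-03-01": "93.115.95.202\n192.0.2.44\n",
}

LOG_LINES = [
    '93.115.95.202 - - [09/Mar/2016:16:19:07 -0500] '
    '"GET /files/tmp/fingerprints.txt.asc HTTP/1.1" 200 13141 "-" '
    '"PycURL/7.21.5 libcurl/7.47.0 GnuTLS/3.4.9 zlib/1.2.8 libidn/1.32 '
    'libssh2/1.5.0 nghttp2/1.8.0 librtmp/2.3"',
    '203.0.113.50 - - [12/Mar/2016:08:01:44 -0500] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2016:09:30:00 -0500] "GET /about/ HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Mar/2016:10:00:00 -0500] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    'truncated line without a timestamp',
]

# Client IP, timestamp and request line of a combined-format access log entry.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')


def parse_ip_list(text):
    """Return the set of valid addresses in a one-per-line list."""
    ips = set()
    for raw in text.splitlines():
        token = raw.split("#", 1)[0].strip()
        if not token:
            continue
        try:
            ips.add(ipaddress.ip_address(token))
        except ValueError:
            continue  # header rows and malformed entries are skipped
    return ips


def load_snapshots(raw):
    """Turn {date string: list text} into [(date, set of IPs)] sorted by date."""
    snaps = [(datetime.strptime(day, "%Y-%m-%d").date(), parse_ip_list(text))
             for day, text in raw.items()]
    return sorted(snaps, key=lambda snap: snap[0])


def parse_log_line(line):
    """Return (ip, timestamp, request) or None when the line does not parse."""
    match = LOG_RE.match(line)
    if not match:
        return None
    try:
        ip = ipaddress.ip_address(match.group(1))
        when = datetime.strptime(match.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return ip, when, match.group(3)


def tor_overlap(indicators, snapshots):
    """Count indicator IPs that appear in any exit-list snapshot."""
    ever_exit = set().union(*(ips for _, ips in snapshots))
    shared = indicators & ever_exit
    return len(shared), len(indicators), shared


def triage(log_lines, indicators, snapshots, window_days=30):
    """Label each log hit on an indicator IP by its Tor exit history."""
    window = timedelta(days=window_days)
    hits = []
    for line in log_lines:
        parsed = parse_log_line(line)
        if parsed is None or parsed[0] not in indicators:
            continue
        ip, when, request = parsed
        seen = [day for day, ips in snapshots if ip in ips]
        if any(abs(when.date() - day) <= window for day in seen):
            verdict = "tor-exit-near-request"   # shared exit, weak signal
        elif seen:
            verdict = "tor-exit-other-period"   # was an exit, not then
        else:
            verdict = "not-in-tor-lists"        # worth a closer look
        hits.append({"ip": ip, "when": when, "request": request,
                     "verdict": verdict})
    return hits


if __name__ == "__main__":
    indicator_ips = parse_ip_list(INDICATORS)
    exit_history = load_snapshots(EXIT_SNAPSHOTS)
    shared_n, total_n, _ = tor_overlap(indicator_ips, exit_history)
    print(f"{shared_n} of {total_n} indicator IPs appear in the exit lists")
    for hit in triage(LOG_LINES, indicator_ips, exit_history):
        print(hit["ip"], hit["when"].isoformat(), hit["verdict"], hit["request"])
```

A more complete exit history, such as the CollecTor data the article mentions, changes only the snapshot input.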
It’s plausible, and in my opinion likely, that hackers under orders from the Russian government were responsible for the DNC and Podesta hacks in order to influence the U.S. election in favor of Donald Trump. But the Grizzly Steppe report fails to adequately back up this claim. My research, for example, shows that much of the evidence presented is evidence of nothing at all.
If Vladimir Putin, the Russian leader, is truly responsible for manipulating the U.S. election, and if the Obama administration wishes to prove its case, it needs to publish actual smoking-gun proof, such as intercepted emails or phone calls from within the Kremlin, or more complete technical details that connect dots directly to the Russian government, rather than to a Tor node that thousands of people use.
Of course it’s unlikely the Obama administration will do this. But if you have access to any of this evidence, please share it with us using SecureDrop.
Update: January 5, 2017
This piece was updated with new information from CollecTor on the number of Tor nodes in the Grizzly Steppe report.
Something amiss or pure and simple by intent of misleading, paid or free of all the TOR nodes I have been screening a handful if none are Russian available that point to Russian registered IPs, most nodes are in the free world most in the US.. so ask yourself, if you want to fake an IP location, why would one pick a Russian TOR.. I say the feds' detection is not an act of an amateur, they have the technology and the hardware to pinpoint any culprit in the world.
I’m afraid many people still won’t understand that. It might help to use an analogy familiar to all, for example, comparing TOR to a bus and exit nodes to bus stops. The fact that we know someone got off at a particular bus stop doesn’t identify an individual. It only narrows the search to everyone else on the bus that day.
Hmm…. This may be a fake article about fake news. So, therefore, according to the Art of War……. A major operation is underway. It’s five o’clock somewhere…
Some 60 or a few less years ago my father told me not to believe everything I read in the newspaper. Good advice then and even better now.
From day one this story smelled so bad, I decided it had to be an inside job.
I used to study CIA coup operations in S. America. The main, initial strategy was disinformation and inciting chaos about the Leftist elected leader. Though Trump isn’t Leftist, his nationalist-populist politics are a threat to the global order. It’s very unlikely the establishment thinks Russia hacked the emails. It’s window dressing for the peasants. Odd, this is a 1950s meme (foreign intervention), it won’t work as well because globalism undermined the concept of the U.S. in most of the peasants’ minds.
«It’s plausible, and in my opinion likely, that hackers under orders from the Russian government were responsible for the DNC and Podesta hacks in order to influence the U.S. election in favor of Donald Trump.» But just why, Micah, do you deem the above scenario «likely» ? Julian Paul Assange denies that the material released by WikiLeaks came from the Russians (or, for that matter, from any state actor) and Craig Murray states that it came from an inside leak. Is their testimony less credible than the «assessments» made by US so-called «intelligence» agencies, fronted by a known prevaricator, James Robert Clapper ?…
You don’t reveal any evidence which makes this story – shades of «I have in my hand a list …» – «likely» ; please, in the event you possess any, do so, in order to save your own credibility….
Henri
Hey. I think the Intercept’s full staff approach on this is “We’re not saying the Russians didn’t do it (reasonable and outcomes inclusive) in fact we’re inclined to believe it’s true BUT we need congressional hearings to publicly investigate the issue to determine the veracity of those allegations”
The newer TI reporters are simply delivering a less well received version of Glenn’s “Yes it could have been the Russians BUT…” bit.
Make no mistake about it though the Congress is not well at and currently the protective free speech barrier between you being identified as US GOV Shill (who believes most of what they’re told with zero evidence) or being identified as an Official Useful Idiot (one who requires evidence to believe what they’re told) is exceedingly thin and porous.
On Capitol Hills McCarthyist Reaction to The Russians Are Coming
GLENN: Hills Indeed, in my 10-plus years of writing about politics on an endless number of polarizing issues — including the Snowden reporting — nothing remotely compares to the smear campaign that has been launched as a result of the work I’ve done questioning and challenging claims about Russian hacking and the threat posed by that country generally. This is being engineered not by random, fringe accounts, but by the most prominent Democratic pundits with the largest media followings.
Question: Can it simply be Hillary’s and the DNC’s misplaced Hubris that’s been driving this erratic (hook line and sinker) geopolitical realignment on Capitol Hill these last few months?
WHY … do you write that “it is plausible Russia was responsible for DNC and Podesta hacks”
What would cause a respectful writer to have that opinion ?
Based on What … ?
New Proof ???
Please share … : )
” shows that much of the evidence presented is evidence of nothing at all.”
….yet you find it “likely”? If the authors of the report are that clueless, or disingenuous, why would you believe the rest of it?
On the other hand, there is someone, Craig Murray, willing to go on record as being involved. A person who killed his career, by being a whistleblower, vs known liars.?????
Last night on the local NBC news they announced their reporter(s) had been shown “secret evidence” of the Russian hack … So there.
Micah was probably given the same story by his handler;
I can show you this but it’s up to you to do the parallel construction … for security reasons.
Teh Dailybeast has these related stories:
‘Slam dunk’ in other words.
See! We told you they did it …
Uh. I hate to say this, but this article is sensationalist and stupid. It needed to be written by a security expert and is woefully incomplete.
For some on this board Micah and Morgan are the technical and security experts. For others on this list Micah and Morgan are two technical and security experts. I think Micah may have just been gaslighting some.
So they tell you the CIA NSA can’t show YOU the evidence because it might compromise the “sources” and “methods” through which they “collect it all FULL TAKE” all the live long day.
SOURCES: The NSA’s “sources” are like stars in the sky – there are too many to count. The NSA has so many sources willing or unwilling one need not reveal a specific “source” be it liveware or hardware to count packets traveling between ANY two exchange points.
METHODS: Snowden has already revealed the NSA’s “methods” (HELLO MCFLY IS THERE ANYBODY THERE) and the NSA’s “methods” (which are improving) are in the public fucking domain at this site and worldwide.
Much of the “full take” collected from those Israeli Narus splitters (and via any other means) are now at the NSA’s Corporate Stores Product Development Teams Offices targeting frequent shoppers just like Palantir.
http://www.baltimoresun.com/news/opinion/oped/bs-ed-hacking-intelligence-20170105-story.html
Bill n’ Ray get some local press out Baltimore way…
Hack: When someone in a remote location electronically penetrates operating systems, firewalls or other cyber-protection systems and then extracts data. Our own considerable experience, plus the rich detail revealed by Edward Snowden, persuades us that, with NSA’s formidable trace capability, it can identify both sender and recipient of any and all data crossing the network.
Leak: When someone physically takes data out of an organization — on a thumb drive, for example — and gives it to someone else, as Edward Snowden and Chelsea Manning did. Leaking is the only way such data can be copied and removed with no electronic trace.
Still leaves 51% of the IP addresses, no? Am I missing something?
Yeah.
What is so much nonsense doing all mixed in with the Real Evidence?
No doubt what you are forgetting is that government agencies as well as hackers worldwide set up and run many hundreds of TOR exit nodes themselves so that they can intercept private emails, instant messages, account credentials, IP histories, suspicious activities, etc. you name it, they can get it. Too many think that TOR is secure, when it’s not, it’s just a trick to make you think you are more secure, when in fact, hundreds of even more shady entities are watching you. If you truly want to be secure, simply don’t do anything you don’t want anyone to catch you doing.
What I find most interesting is the admission that SecureDrop is a total scam.
You can’t simultaneously believe that the government is data omniscient enough to know who hacked and leaked everything to wikileaks and everyone else (even through 3rd parties) while at the same time trying to push SecureDrop.
You can’t be sure that it’s the Russians while at the same time telling people SecureDrop protects them.
Is there a bigger disincentive to leak than to sell the idea the government is data omniscient?
In so many ways, to embrace the administration’s Russia narrative is to embrace the death of journalism.
You should really change the headline of this article.
As the author himself says in comments below it’s not accurate to say that the report says that the IP addresses listed are exclusively used by “Russian hackers” or that finding them in your own logs means that.
And now we find that the DNC never let the spooks examine their servers.
Not only is there no evidence but there can be no evidence – just spook stories.
When spooks make up stories to misdirect the resources which should be defending the nation, how is that not treason?
Seems to me that the revelation of supposed Russian hacking, its disclosure, has done more to influence not just the elections but U.S. political institutions including Congress in order to set policy — boxing Trump into an adversarial posture with Russia, or at least attempting to. If it’s plausible that the Russians hacked the elections, then it’s equally plausible the Obama administration is abusing the nation’s intelligence community and ability to cherry pick disclosures to kneecap the incoming Trump administration and to promote its new Cold War with Russia as a legacy, cleverly manipulating hawks in Congress in the process. That these disclosures do not conclusively reveal any real threat but instead demonstrate how intelligence can be used politically to destroy a political opponent domestically. The smoothest transition in history? If they still can’t prove the allegations, and are relying on circumstantial bits like the Russians cheered when Clinton lost, why was it ever disclosed in the first place? To bolster a political talking point from the Clinton campaign about why all its dirty laundry was about to be aired?
So I wonder if by DHS and DNI reporting these IP numbers as “Russian hackers” almost as a sensationalist call to arms to system administrators, they effectively create a reporting network of their usage at the destination, and possibly even convince many to blacklist them – potentially diminishing the useability of Tor.
..or taking it even further – it could be twisted into some probable cause to “investigate” those IPs and maybe raid or legally impede some Tor operators, while intimidating potential ones.
There would be a lot of unhappy people in government, the military, law enforcement, journalism, etc. if Tor were crippled.
Entities in all of those categories are among the most frequent users of the network. Indeed, the initial development was done at the Naval Research Labs.
Besides, why would an upstanding and honest destination site want to block access from the Tor exit nodes? And, if they are worried about tracking browsers by IP, they’ll have to start compiling lists of all the IPs used by public WiFi hotspots and blocking everyone browsing from, e.g., Starbucks. ;^)
“There would be a lot of unhappy people in government, the military, law enforcement, journalism, etc. if Tor were crippled.”
Yes no doubt, but – there would also be many happy ignorant nationalist-fascist-jingoist types who would likely celebrate exactly the result you describe. Government and large corporate entities have plenty of resources and options for effective anonymization. Tor tends much more to benefit small entities with less resources, ‘outsiders’ who do not have access to, or trust in those state resources.
” Indeed, the initial development was done at the Naval Research Labs”
Yes, but similarly – the “Internet” was once called “ARPANet”.
;)
I really don’t think it’s a critical concern. There are certainly fascists who hate anonymity and there are already barriers to using Tor to access certain sites and resources. But there is also a large, diverse, influential and resourceful body of Tor users and developers and various ways around, over and through the barriers.
And, if you can’t make Tor secure enough for yourself, just learn to spoof MAC addresses and start a world tour of Starbucks. ;^)
Hi Micah,
is this piece meant to be ironic?
I mean you guys have the Snowden files, no? So you know NSA traces packets. Since we all know the capabilities the NSA has and the scrutiny under which WL is, we know this report is vacuous. If you bothered to read it, you wouldn’t call it a report btw. Also, NSA are the big boys, DHS / DNI are irrelevant regarding that topic.
No Russians, no hack, it’s a LEAK. See VIPS, Craig Murray, WL, Assange.
This has been public for a while, it’s funny to see the Intercept beats around that bush constantly. First Sam, you, Glenn.
You report on it or not, that’s your call, but please stop the posturing and vanguardism which just adds to the insult.
The fact that 42% of the IP addresses are Tor nodes just displays the utter contempt for the public. The fact that neither of you picks up the above and calls this report a load of horse, but you focus on these Tor nodes and Sam quotes VIPS without mentioning the fact it is a LEAK tells stories.
Cause once you do, you can’t avoid to see this serves a political agenda, which is:
- to impede Trump’s declared ambition to detente towards Russia, this thru expelling diplomats
- to impede the electoral college’s decision, as Trump’s victory is illegitimate as he was backed by Vladimir Putin.
It is sorta funny to see, that it is the very same people constantly complaining about the malicious forces messing with the election even influencing its outcome and therefore denying what seemed due, that demonstrably rigged the DNC primaries, messed with this election and influenced its outcome, denying what was due.
But here, who are the agents? Well the Dems, obviously, the Clintons but also Brenner, Clapper, MSM, TI, Obama.
The secret services role during this election has been often decried but rarely analyzed and the political twist of their actions lately is revealing.
So good job Micah, in linking these IPs to Tor nodes, your piece should then have focused on demolishing this “report” and would not have failed to mention that these mails have been obtained thru a leak, as per WL, VIPS, and Craig Murray, nothing less than the recipient of them.
Please stop with these wishywashy pieces. You’re good when you rock the boat, but you’re a piss poor propagandist and I will not quit telling you, cos I prefer the first.
https://www.emptywheel.net/2017/01/04/did-nsa-just-reveal-its-china-bios-story-was-made-up/
Referenced: 60 Minutes Sweetheart interview with Keith Alexander
Marcy Wheeler: “As I noted at the time, the story — the claim that a country of 1.3 billion people who have become very interdependent with the United States would want to destroy the US economy — was a bit absurd.”
What would be interesting is to see the ip addresses of the posters to TI’s comment section. How about Micah?
I find it most amusing that so many who publicly supported Trump and defend Putin, are using the US gov’t has been caught in lies and nefarious actions so we shouldn’t believe them argument. We know that the Russian gov’t pays people to comment on message boards it would be interesting to see how many of them are here.
Look for the broken English or the accent.
I vould lof to know vy you care though.
Russia paying people to promote Trump seems relevant to the topic at hand.
BOY ON A ROLL (Low Cal I Swear) MIT Grad Student Ryan Shapiro (https://en.wikipedia.org/wiki/Ryan_Shapiro) The FBI’s Favorite “FOIA Terrorist” Has Now Also Joined the Staff at Buzzfeed…
https://www.buzzfeed.com/alimwatkins/the-fbi-never-asked-for-access-to-hacked-computer-servers?utm_term=.ppjen6w68#.rtvxzpApv
The FBI did not examine the servers of the Democratic National Committee before issuing a report attributing the sweeping cyberintrusion to Russia-backed hackers, BuzzFeed News has learned.
I get 2080 (about US$35) rubles/hr, because of my excellent English. Of course, many of my associates work for less, either because their language skills are not as polished or simply because they have such love for the Motherland.
Slaboumnyy.
Of course the Russians are not behind the hack. The Republicans are perfectly capable of hacking, as well as disgruntled Sanders supporters. But Washington is always in need of a baddie to justify the expensive killing machines they keep buying.
Julian Assange stated, and I quote: “Regarding the emails WikiLeaks published, Assange said his source was not the Russian government or any other “state party.”
http://insider.foxnews.com/2017/01/03/wikileaks-editor-julian-assange-alleged-russian-hacking-clinton-emails-donald-trump
Now, I don’t know exactly how Wikileaks verifies its sources (and it’s my understanding they have a method/means to do so, and do), but to the best of my knowledge they’ve never published a single document that has been shown to be falsified or altered.
Nobody has suggested, with anything resembling proof to support such a suggestion, that the DNC and Podesta e-mails aren’t 100% accurate.
So are Micah Lee, and Sam Biddle and everybody else going to trust the “US intelligence agencies” whose track record is far from being anywhere near as transparent or honest in its “assessments” and “statements” or are they at least going to wait to see if Julian Assange can prove the leaks weren’t obtained from the “Russian government” or any “state party”.
Now granted Julian Assange is speaking precisely, and his statement does not discount/disprove the possibility that the hacker/leakers were “non-governmental agents or proxies” of Russia or some other state, but at this point he’s stating unequivocally that Wikileaks “source” for the leaks was not the government of Russia nor any other state.
Seems to me it is either shut up or put up time for US intelligence agencies and/or Julian Assange (although I don’t blame Assange for not disclosing his source, as no journalist should under these circumstances).
I do blame and distrust the US “intelligence agencies” and their private industry proxies, because they’ve earned that distrust over decades.
http://www.washingtontimes.com/news/2016/dec/14/craig-murray-says-source-of-hillary-clinton-campai/
Murray claims to have actually received the package of emails from the source directly. Also says the source had legal authority over the emails…..ie..DNC insider?
@rrheard, Galactus-join me in a nice Russian vodka martini to toast the people responsible, possibly, for revealing our enemy within? A gentlemen’s and ladies way of saying thanks…
I also blame and distrust the US “intelligence agencies” and their private industry proxies, because they’ve earned that distrust over decades.
Thanks for that. I was going to run my own tests on the IP list. No need to now. The original CrowdStrike report (bears-midst-intrusion-democratic-national-committee) is worth reading.
This level of incompetence nixes faith in the surveillocracy!
nice intermediate level piece, i guess. too bad you had to mackey it all up with
“It’s plausible, and in my opinion likely, that hackers under orders from the Russian government were responsible for the DNC and Podesta hacks in order to influence the U.S. election in favor of Donald Trump.”
but then i have noticed an odd conservative bent amongst infosec types. for all their knowledge of complex networks and assembly language and esoteric BASH incantations, simple truths are ignored in favor of an authoritarian, “trust what daddy says” mentality. probably why the NSA has so little trouble finding 1337 h@x0r cogs for their machine.
Yeah, that seems to be the latest trend here at the TI.
And Micah here knows it’s horse, ‘cos Micah hinted at it in his piece.
He knows what it means that 42% IPs are Tor nodes, but Micah wants his bone.
Another hole in this story is that everyone is still assuming that Guccifer 2.0 is Wikileaks’ source. But how do we know that?
On June 12, Wikileaks founder Julian Assange told ITV in an interview that “We have upcoming leaks in relation to Hillary Clinton, which is great, Wikileaks has a very big year ahead… We have emails related to Hillary Clinton which are pending publication, that is correct.”
Just two days later, on June 14, the Washington Post published its story on the DNC hack, it said, by Russia, “Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump, according to committee officials and security experts who responded to the breach.”
The hack of the DNC was ongoing and the supposed Russian fingerprints were identified, not by intelligence agencies, but by the private Internet security firm Crowdstrike, which published its findings a day later on June 15.
The same day, on June 15, the WordPress blog by Guccifer 2.0 appeared, taking credit for the DNC hack described in the Washington Post story, and taunting Crowdstrike. The blog posted some of the documents as proof of the hack. Critically, Guccifer 2.0 claimed, “The main part of the papers, thousands of files and mails, I gave to Wikileaks. They will publish them soon.”
Here, Guccifer 2.0 was going out of its way to associate itself with Wikileaks, not the other way around. Wikileaks never confirmed that Guccifer 2.0 was the source of either the DNC or Podesta emails. It seems rather bizarre that Wikileaks’ supposed source for the organization’s biggest story ever would preempt Wikileaks’ disclosure by saying “I did it! Scrutinize me!” Doesn’t that seem odd to anyone?
By this time, it must be noted that Assange had already made it known publicly in the June 12 interview referenced above that he had emails related to Hillary Clinton. Was Guccifer 2.0 falsely taking credit for Assange’s upcoming release against Hillary Clinton?
Within hours, the same day, on June 15, it was revealed that metadata in one of the files posted by Guccifer 2.0 was modified by a user whose name in Cyrillic was “Felix Edmundovich,” an apparent reference to a founder of the Soviet-era secret police. This was used by many observers as more confirmation that somehow the Russians did it. This seems sloppy by Guccifer 2.0 but okay, let’s play along.
But it raises some plausible questions.
1. Was Guccifer 2.0 simply trying to make it look like the Russians were responsible for whatever Assange and Wikileaks were about to release?
2. Or, alternately, did the DNC, aware that Assange and Wikileaks were about to do a major dump against Clinton, decide it would be a good time to reveal its own hack, and its Russian origins, to either muddy the waters for whatever Wikileaks was about to release or because it actually believed Wikileaks had been handed information from the Russians?
3. Was the DNC hack the Washington Post reported on and the Guccifer 2.0 disclosures actually staged to preempt and discredit whatever Wikileaks was about to release?
4. Was Guccifer 2.0’s public tarring and feathering as Russian hackers a warning to Assange and Wikileaks it would be treated similarly if it followed through on its promise to publish emails related to Hillary Clinton?
These questions are speculative, of course, but why not? Everyone else is speculating about what might have happened based on this supposed link between Guccifer 2.0 and Wikileaks — even the Central Intelligence Agency. Well, perhaps that link was actually fabricated or, more likely, falsely assumed, if Wikileaks’ Murray is to be believed, or Julian Assange himself (see below).
There was never any overlap between what Guccifer 2.0 published, which had very little impact, and the DNC and Podesta emails Wikileaks ultimately published, which were widely discussed. Why did Guccifer 2.0 even need Wikileaks to publish its documents? Many of its documents later appeared on DCleaks.com. And why disclose that it was the source of pending Wikileaks disclosures — making it less likely Wikileaks would use their information if indeed that is where it came from?
A month intervened between the Washington Post story and Wikileaks’ DNC email release, and the whole time, Guccifer 2.0 was labeled the work of Russian hackers. If Guccifer 2.0 was really Wikileaks’ source, then through publishing the emails, Assange would have knowingly been embracing that narrative — and risking Wikileaks’ reputation as an honest broker. Who wants to be perceived or portrayed as a pawn of Russia in the West? The way Guccifer 2.0 was revealed to the world, then, might be one of the clearest indications it had nothing to do with Wikileaks’ ultimate releases.
To be certain, by the time Wikileaks on July 22 revealed DNC emails proving that the party was favoring Hillary Clinton over Bernie Sanders in the presidential primary, the assumption that Guccifer 2.0 was indeed Wikileaks’ source was widely accepted, primed by the Hillary Clinton campaign, Clinton surrogates and Clinton herself.
On Nov. 17, outgoing National Intelligence Director James Clapper told the House Intelligence Committee: “As far as the WikiLeaks connection, the evidence there is not as strong and we don’t have good insight into the sequencing of the releases or when the data may have been provided.”
“We don’t have as good of insight into that,” he added.
In an interview on Sean Hannity’s radio program on Dec. 15, Wikileaks’ Assange called the accusations that Russia was behind its disclosures a “deliberate attempt to conflate” its own releases and the presence of Russian hacking the DNC, stating emphatically, “Our source is not the Russian government.”
Hannity specifically asked Assange about Guccifer 2.0 and DCleaks.com, and Assange said, “who’s behind these [sites], we don’t know.” Hannity explicitly asked if Assange knew them, and Assange said, “No,” indicating they were in fact not the source for Wikileaks’ DNC and Podesta releases.
So, it stands out to me at least that the supposed Russian fingerprints have been attributed entirely to the DNC hack that Guccifer 2.0 took credit for, and not anything Wikileaks published.
Thank you for this clearheaded post.
That’s AWESOME! time to raise some ad revenue!
Excellent point in this article. With proxy servers, I can comment on this website with a Russian IP. It is easy to go through three or four proxies if you want to. You can also find proxy servers with ‘no logging’ which makes forensic detection even harder.
All the proof of Russian hacking is just propaganda for the computer illiterate. It is so funny how liberals are now clinging to the CIA like a big teddy bear to ease their pain and ongoing cognitive dissonance. Little do they know, but they are unwittingly reigniting a new cold war with Russia, thus increasing the chances of a nuclear war.
Who would have thought liberals would be peddling cooked intelligence even more ridiculous than Bush’s WMD claims. I guess that is what happens when you sell the current president as a dear leader and the incoming one, a fascist.
Typical of the Fascists today is to re-define the entire political spectrum.
Trump is a full-fledged shameless Fascist in the pattern of Mussolini.
Both praised the joint rule of business and government.
The People have no role – except to be ground under their boots.
Our duty is to resist.
Micah Lee Thinks The Russian’s Hacked Our Democracy – Glenn Greenwald Explains Why We Shouldn’t Believe Him
Poor Micah. We’ve been so mean to him.
I hope it pushes him toward more careful technical and logical analysis and away from unsupported credulity wrt the claims of officialdom.
Now, everyone, follow Sillyputty’s link! Glenn nails it.
https://medium.com/@jeffreycarr/the-gru-ukraine-artillery-hack-that-may-never-have-happened-820960bbb02d#.hl3dr2b24
“Crowdstrike’s core argument has three premises:
1. Fancy Bear (APT28) is the exclusive developer and user of X-Agent [1]
2. Fancy Bear developed an X-Agent Android variant specifically to compromise an Android ballistic computing application called ????-?30.apk for the purpose of geolocating Ukrainian D-30 Howitzer artillery sites[2]
3. The D-30 Howitzers suffered 80% losses since the start of the war.[3]
If all of these premises were true, then Crowdstrike’s prior claim that Fancy Bear must be affiliated with the GRU [4] would be substantially supported by this new finding. Dmitri referred to it in the PBS interview as “DNA evidence”. In fact, none of those premises are supported by the facts.”
Exactly correct.
I would only add that it seems really sloppy for so many to describe Fancy Bear, Cozy Bear, etc. as if they were distinct and definable groups of human actors or agencies. In fact, they are more properly described as collections of malware and methods of operation that share significant similarities, at least some of which may have common origins. They have been “in the wild” for long enough that there is simply no reason to believe, without additional evidence, that the presence of traces of this material tells us anything about the origin of a particular attack.
If, of course, the DNC email messages were actually hacked, rather than leaked.
As for the Podesta account, I’m pretty sure Trump’s now-famous ten-year-old computer wiz could have compromised that treasure trove of sleazy operations and dirty tricks, since Podesta made it so easy. Not that I’m accusing the child, of course.
To be fair, I do know how it feels. I’m still working on apostrophic assignations myself. Then again, I’m my own editor, and the renumeration ain’t great!
A question to Micah, who seems to be almost magnetically attached to non-controversial conclusions based on nothing more than confirmation bias.
First, the prologue:
THE OTHER DOG THAT NEVER BARKED
The current, wildly debated “hacking” narrative is plainly animated by widely accepted wisdom that the Russians had much to gain if Clinton was defeated by Trump (because brolove for Putin, etc.)
Let’s move on, then, and adopt the same logic to seek further afield.
What other (never mentioned) country or countries might also have had means and motive to advance their own interests by exposing Hillary’s crowd? And why is only Russia named as the likely villain when at least one other is plainly an equal (or greater) beneficiary?
The strained relationship with Obama personally and his policies adversarial to Israeli government interests is well established. That was absolutely confirmed by the surprise US abstention in the UN vote of a few days ago. Hillary would be likely to carry on with the same Obama-inspired policies toward Israel.
Now let’s look at Trump and why Israel might be motivated to trust the direction of his implied and express political interests and policies:
Trump’s daughter is (apparently happily) married to a very successful NY developer who is a practicing Orthodox Jew. She converted to effect that marriage. Trump obviously approves.
The son-in-law, Jared Kushner, has been specifically tapped by Trump to be a top WH special advisor. Trump obviously admires his counsel just as he did throughout the campaign.
Trump just appointed a hard-line Jewish American associate as ambassador to Israel who vocally favors expanding settlements and moving the Israeli capital to Jerusalem without delay.
A somewhat out of date article in The Times of Israel offers some additional insight into American Jewish personalities, some now among the now-completed Trump cabinet candidates: http://www.timesofisrael.com/meet-the-jews-in-donald-trumps-inner-circle/
It is very well known that Israelis are among the most respected technical experts on the planet. (Just google “israeli hacking” for vast evidence.) Stuxnet is widely believed to have been a joint US-Israeli project, so the Israelis are not regarded as “JV” players by American authorities. https://en.wikipedia.org/wiki/Stuxnet Engineering an attack on US-based assets to look like “Russian hackers” would likely be well within the competency of Israeli state actors.
The DNC attack allegedly employed hacking code widely known and immediately available for sale on the dark web, so it cannot be linked by authorship to any particular invader. Moreover, of course, there’s no need for any state actor to expose advanced intrusion methods when the target host is mostly protected only by angels and hope.
It is also well established (by the infamous attack on “The Liberty”, if nothing else) that Israel will ruthlessly and lethally attack even American military interests if necessary to advance its own vital interests. Would they have qualms about attacking the target-rich environment of a civilian-owned Windows server?
So my question is this: if the Israelis have both the demonstrated will and the demonstrated capability to engineer sophisticated attacks on assets of other nations, then why has the question never even been raised about whether they might have been motivated to embarrass the (entirely deserving) Clinton campaign by exposing its many lies and deceits?
Perhaps a hint: the pro-Israel Jewish lobby in the US is one of the most influential forces in getting dim dems elected, nationwide. Or not, if they don’t get out the vote. Pissing them off isn’t a politically acceptable option. Pinning the tail on that donkey would be like hugging the third rail with both hands.
On the other hand, there is no particular Russian voting bloc. So that’s a pretty safe alternative option which would more likely curry favor from the dim dems electorate than blowback.
Moreover, we spend more in foreign aid on Israel than any other nation. They are therefore officially our undoubted “Best Friends Forever”, no matter what they do.
But there’s more. Back in July, there was a published report based on Israeli intelligence sources which said the “highly effective” Russian GRU would never be caught red-handed in a clumsy effort like the alleged DNC hack:
QUOTE:
Israeli military intelligence/Mossad connected DEBKAfile said “an analysis by (its) intelligence and cyber defense sources has determined that” DNC emails hacking “almost certainly (was) not carried out by (Russia’s GRU) cyber warfare branch.”
[…]
According to DEBKAfile (DF), blaming Russia is baseless “in…light of four facts:”
1. Little is known in the West about Moscow’s “cyber warfare system” other than it’s “highly effective.” If it hacked DNC emails, “no obvious signatures (like) ‘Fancy Bear’ and/or ‘Cozy Bear’…would have been left behind for investigators to discover.”
2. Intelligence operations, including Russia’s, nearly always focus on “seeking security, strategic and economic data.” It’s hard imagining Moscow would divert “stretched” resources to investigating other matters.
3. The private information security company CrowdStrike, hired by the DNC and FBI, claiming it “cracked the case in two hours is hardly credible.”
“Getting to the bottom of an APT (Advanced Persistent Threat) calls for extra-powerful computers, working in conjunction with the internet service provider (ISP), and consuming weeks, if not months of analysis.”
4. Blaming Russia for hacking DNC emails provides US conspiracists “with a convenient reminder” that Edward Snowden remains free from prosecution in Russia – WikiLeaks founder Julian Assange as well, given asylum in Ecuador’s UK embassy.
http://www.globalresearch.ca/israeli-intelligence-debunks-notion-of-russia-hacking-dnc-emails/5538966
ENDQUOTE
So even an Israeli security company associated with the Mossad doesn’t buy the “Russian hacking” story.
But nobody apparently asked this Israeli company (or anybody else) about which other national actors might have means to launch such an attack.
That leads to the obvious question: why not?
DEBKA is attractive, but unreliable. I was impressed with them in 2003, but gradually learned better. Just start cross checking what you find.
Is the part about “extra powerful computers” stupidity or condescension? Sounds like a howler to me.
Thanks for the correction. You must be right … it can only have been the Russians, after all.
“…. and in my opinion likely, that hackers under orders from the Russian government were responsible for the DNC and Podesta hacks in order to influence the U.S. election in favor of Donald Trump.” Oh oh, Micah has drunk the KoolAid!
Some techie! Perhaps however, just a techie. Publishing true e-mails to expose someone seems to me a public service, not ‘manipulation.’ Otherwise any journalist in the world who publishes a negative story about a candidate during an election is also ‘manipulating’ an election. Nor is there proof that the Podesta e-mail swung the election at all. So Micah, perhaps you should accompany your techie creds with some accurate political ones.
Very interesting article, Micah Lee, you are doing great work…here’s my criticism:
On the Micah Lee controversy, where he shares his faith in the official Government claim, but backs that up with nothing…yes that does stand out from the rest of the article.
It is a question of perspective. If you are not a political junkie, if your interaction with the US government is the day to day, trains run on time stuff, then yeah….why would you doubt Obama’s government?
But if you have been following the multiple assassination attempts against Castro, South American nuns being murdered, Guantanamo, WMD, Gulf of Tonkin, then, believing the public statements of “All 17!!!” US intelligence agencies appears foolish.
And the goal posts have moved, haven’t they? It was not too long ago that the Snowden revelations of NSA mass spying were met with: “What’s the big deal? All governments spy!!”
Now apparently, this one incident of spying is a Pearl Harbour level attack on the Free world.
The truth is, The Russians, the Chinese, others have very good reasons to spy on America’s government. From the mundane to the concern that the US is preparing a Pearl Harbour level military attack of their own.
But back to “all 17” US agencies. I’m sure that Obama receives very good information privately from them. But the decision to publicly damage Trump by claiming the Russians caused him is a public and political act of the US government under Obama.
Imagine the following scenario, all 17 (no let’s make it 500!!) All 500 of the departments of the Russian secret service tell the NYT that the moon is made of cheese. Is that 500 times more credible than if only one dept under Putin declared that?
The organogram of the secret service of the US doesn’t add any credibility, whether they are 17 departments all saying Saddam has WMD, and should be killed, or it’s 1700 departments. They all report to Cheney.
Now does the US government lie about everything? No. If they lied about everything, nobody would have believed the WMD lies, would they? But if Micah Lee feels that they are telling the truth this time, based on a gut feeling, that’s his right.
Let’s just not invade another country over it, OK?
I’m experiencing Deja Vu right now…..;)
It’s a good post, no matter where it’s posted. Cheers!
Trump will move Putin into the West Wing … and there will be the peace.
What a great point. What a great point. This is the kind of logic one needs to resort to when there is a lack of evidence. That’s when you have to go to the “slam dunk” level of propaganda.
Media: He said it was a slam dunk.
Public: what does that mean?
Media: If he had said, it was a “sure thing,” we could doubt it. But if he says “slam dunk” it has to be true.
Public: What does that mean?
Media: It means that if all 17 agencies say it, it’s kind of like a “slam dunk”
@Doug Salzmann
Thanks for this. Micah Lee is a super smart, tech wizard guy, so his opinion that Russia “likely” hacked the Podesta emails holds sway with me. But your engagement with him suggests his reasoning and facts supporting his opinion are very poor.
Adding, rr heard initiated the inquiry, here. Micah’s answers were disappointing, as I thought there would be more behind his offering his expert opinion.
It’s settled then: ‘Trump but verify’ *Russian proverb (h/t benitoe)
p.s. Dog is happy sis … he plays with us.
Hmmm. Is Mona sounding sort of, um, like a den mother here, or just another ‘nanny journalist’ vetting her local hero’s sources? Mkay, hmmm?
Micah said
“Thank you in advance. Genuinely. I don’t trust the US government to be honest (because they have a long and verifiable well-documented track record of being both dishonest and wrong particularly on issues concerning Russia), but I have no reason to doubt your honesty and intellectual integrity at this point”
Let Micah play his own game of hide the ace, and you stay out of it, Mkay? Maybe hasbara/crypto-hasbara plays the way you say, but journalism, m’dear, is a different game.
Julian Assange and Bill Binney are experienced enough to know what actual evidence entails (See OPM report from House oversight committee). The NSA can spoof any nation state actor and “salt the targeted servers” with a few clues supporting the misattribution to the target of choice.
Micah’s “opinion” given his background and training and Glenn’s several most recent pieces is clearly disheartening to some.
the use of the word “salt” bothers me as much as the obvious misuse of the word “compartmentalized” referenced in a recent @bartongellman critique
opinions are less than worthless
when
their technical underpinnings
are less than trustworthy
NSA and Co. can stage “cyber” crime scenes at will. To fraudulently make fake “cyber” crime scenes appear to be real. I can name that tune in one note with all the technical underpinning. Micah and the CIA cannot. Maybe the US GOV’s hands-off policy on the Intercept requires occasional “shows” of “objectivity” (paying lip service to their lies) and it’s just Micah’s turn this week.
“Salt” – to fraudulently make (a mine) appear to be a paying one by placing rich ore in it.
Legacy of Ashes: The History of the CIA, a 2007 book by Tim Weiner, was a bit harsh, but intelligence is often a best guess game. It is also not uncommon for any government agency to present themselves in the best light and at times tell the littlest lie to advance a chosen narrative, THAT’S WHAT THEY DO. Trump is calling them on this and suggesting “rearrangement” and budget cuts, careful King of Kings.
Tor has over 1.5 million daily users around the world — about a third of a million of them are in the United States.
It’s a simple explanation to this: there are about half a million US-based KGB agents who report directly to Putin.
Duck and (under)cover!!!
Reading The Intercept articles where the authors bend over backwards to defend Russia and seeing all of Glenn Greenwald’s posts on Twitter asserting the same thing is one of the most demoralizing things I can imagine.
If I had any faith that the American public couldn’t be bamboozled by unsubstantiated claims being put forward by their government, your post would be demoralizing, given that the article (and his replies to comments) show the author actually has been bamboozled by the same campaign as you have, he only feels compelled to point out that, in an area where he has personal knowledge, that campaign’s ‘evidence’ is underwhelming, even to a believer.
Of course, having seen the American public bamboozled time and time again (ironically, in the very election that they are now being bamboozled about) your post is not demoralizing, just disheartening.
Nate is a contrarian with the reasoning skills of a gnat. I usually ignore him for that reason. So don’t be demoralized; it’s just Nate being Nate.
Oh, I wasn’t demoralized by Nate, I’m just disheartened by the knowledge that he is a representative sample of a very large part of the American population, and, worse, of the majority of the voters of all three stripes (Democrat, Republican, Swing).
This is the same click bait garbage you guys like to bitch about. Your article is misleading at best, closer to openly lying about the CERT report.
What the report actually states is network admins should watch those IPs, and give traffic from them extra scrutiny. A pretty smart recommendation considering a malicious attack will likely come from an anonymous source, like a Tor exit node. It does not state traffic from the IPs is from “Russian hackers” as you put it, only that the hackers likely came from those addresses.
Funny that the report says only 15% were Tor exit nodes while in fact (as you stated) they are 42%.
They did not do leg work to look at old Tor IPs. Funny how a whole agency lacks the work ethic that one reporter has.
oh please Jackie does Micah do stretches while practicing rhetoric 101 at his desk?
Meanwhile, there’s been lots of juggling of IP assignments over the past 20 years. What once was a TOR address could now be a real estate website – or a military contractor.
Also, the DoD demanded a vast excess of IP blocks to be reserved for its own use while they still had sufficient sway over IANA – so they could make quick changes in the field.
perhaps if you pinged each IP from multiple locations and triangulated, you’d begin to know who’s who again.
Those of us who are wise won’t make an appearance in your server logs, so knock yourself out.
Reading through the comments I’m struck by something Assange said to Hannity the other day: more or less if the Russia state hackers hacked the DNC e-mails and Podesta e-mails and released them to the public before the election that’s not tampering. The US voters / electorate learned something truthful about Dems and realized they didn’t like those people.
So if you like to believe Russians were involved, then according to Assange, they did Americans a favor.
Well… the NYT showing Trump’s tax records and that pussy tape were ‘good things’ right? Whoever obtained that info and made it public was a heroic and civic-minded person, right?
So, yes, exposing the DNC and HRC’s campaign filth was good.
By the way, I was actually listening when Trump spoke about possible Russian hacking Hillary’s server. He was talking about the 18,000 emails that Hillary deleted. What Trump jokingly said was that IF the Russians had those emails, he hoped they’d release them.
Translation and interpretation for Hillarybots
Trump did NOT urge the Russians to hack Hillary’s illegal mail server. What he said was that IF the Russians HAD those deleted emails, as a consequence of something they might have done in the past i.e., not urged by Trump, then it would be good if they released them for the benefit of our entertainment and amusement.
And, that was Okay because, according to Hillary, the deleted emails were all about Yoga or yogurt so that would not have harmed our national securities at all. Right? And if their content was harmful, still no big deal because the Russians already had them so releasing them would have been beneficial because we would have known what the Russians knew.
I am still amazed that our oh so brilliant and aggressive media completely ignored copious evidence that HRC and company blatantly destroyed evidence. I sort of thought that when the FBI asked for a certain set of records, that you tended to get in trouble when you not only can’t produce them, but seem to have done everything you could to make sure they were never found. Of course, the FBI was weirdly complicit, in that they let HRC’s lawyers decide which emails were ‘private’. Sure joe blow citizen would be able to do all that and not get so much as a slap on the wrist. Rotten, rotten, rotten… Guessing many in the FBI were much more interested in not pissing off the next Pres. than in ‘pursuing justice’. And our ‘betters’ wonder why so many were willing to vote for a plutocrat prick…
Agreed.
No sir, no… you’re not an elite Russian hacker. But you might just be a secret CIA agent who secretly works for US EPA as a climate change expert who secretly works on house projects and secretly goes to the gym.
Otherwise I’m quite sure you’re an excellent computer programmer and author.
Good work.
I have to ask how you came to the opinion “that hackers under orders from the Russian government were responsible for the DNC and Podesta hacks in order to influence the U.S. election in favor of Donald Trump.”
when it’s far more plausible that Seth Rich leaked the original DNC emails as a response to Debbie Wasserman Schultz’s unbelievable behavior during the Primary, then the far more damning leaks tying Clinton to Anthony Weiner in the 11th hour of the campaign have been publicly admitted to by numerous former intelligence officials including Steve Pieczenik who claims they were the work of anti-Clinton people in the intelligence community. These scenarios are infinitely more likely than mysterious Russian Hackers working for Putin. As while Trump is undoubtedly friendly with Putin, the Republican Congress is not. You have to ask yourself “who has more to gain” in these scenarios. Putin or the gigantic proportion of Government insiders who didn’t want a Clinton presidency. The answer should be obvious. Considering The Intercept, has done its best to shoot down these Russian Propaganda fantasies and stick to the facts. I think you owe it to The Intercept’s readers to explain how you’ve come to this opinion in spite of much to the contrary regularly illustrated here.
It appears “intelligence” agencies have come up with last minute proof positive that Russia didn’t actually deliver the DNC emails directly to WL (a narrative struggling to survive scrutiny).
Now they have changed their story to say they have what Reuters quotes as “conclusive proof” that Russia actually delivered the goods to WL through a third party.
http://www.reuters.com/article/us-usa-russia-cyber-idUSKBN14P04P
In basketball, this would be called goal-tending.
Correction. The specific quote is “conclusive evidence”, not “conclusive proof”.
In basketball, this would be called goal-tending.
And in discussions like what have been happening here at TI and elsewhere, it would be called moving the goal posts. Here is the crux:
It very much looks to me like they believe that assertions by Assange and former UK Ambassador Craig Murray are gaining traction and this is their way of pre-empting them. Or post-empting them, as the case may be.
Next step: Framing the DNC insider that Murray alleges gave them the info as a Russian spy.
I would go buy some popcorn but I prefer pretzels…
“Assange did not rule out the possibility that he got the material from a third party.”
Murray actually said he received the goods from an “intermediary”, as I recall, but the “taking” of those goods was by lawful access of someone at the DNC.
This *someone* was purportedly motivated by disgust with the rampant corruption of the DNC operation, in particular how it sabotaged Bernie Sanders to secure the nomination for Clinton. Based on what is now well known evidence, that disgust would seem well founded to anyone apart from partisan psychopaths.
It was a Russian spy posing as a DNC staffer who secretly met with Murray in DC and gave him the stuff harvested by the Russian hackers. Then, the Russians murdered DNC’s Seth Rich to make it look as if the hack was a leak by a rogue DNC staffer and make it look as if the DNC or Hillary or Podesta ordered his murder as revenge for the leak.
It’s all Russian deception and it’s all Putin’s plan. He plays multi-trans-dimensional-chess while we only play 3D chess.
“It was a Russian spy posing as a DNC staffer who secretly met with Murray in DC and gave him the stuff harvested by the Russian hackers.”
That isn’t an impossible explanation. But even if so, the aim would have been to reveal that DNC satraps were colluding with the press and manipulating internal power to deny Sanders a fair shot at the nomination.
That leaves the interesting question of whether these unabashed and underhanded DNC and coordinated press manipulations were, themselves, “interfering in US national elections”. Were they? Is there any limit on how much manipulation a political party can engineer by deceiving the public?
Put another way, is it not incongruent that only *revealing* those underhanded manipulations of the electorate would be regarded as a crime (because “hacking”), but the revealed underhanded behavior, itself, must be accepted as privileged conduct?
Put another way, is it not incongruent that only *revealing* those underhanded manipulations of the electorate would be regarded as a crime (because “hacking”), but the revealed underhanded behavior, itself, must be accepted as privileged conduct?
It is most incongruent, but it is exactly what they are trying to do because they don’t suffer from cognitive dissonance. Ever. Mostly because cognitive dissonance is linked to conscience and they don’t have that either.
I just read that neither the CIA nor the FBI have examined the DNC server at the root of all the hacking allegations. They wrote a report without even examining the server? Hmm, something smells fishy here!
Veryyyyyyyyyyyyyyyyyyyyyyyyyy fishyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy!!!!!!!!!!!!!
Your article is a bit sensationalist. While you say: “In other words, if you’re a network administrator and you discover one of the suspicious IP addresses used by Russian hackers on your network, it likely doesn’t mean anything at all. It certainly isn’t proof that the same elite Russian hackers who compromised the Democratic National Committee and John Podesta’s email are also targeting your company.”
The XML file that CERT put out says: “It is recommended that network administrators review traffic to/from the URL address to determine possible malicious activity.” and “It is recommended that network administrators review traffic to/from the IP address to determine possible malicious activity.”
So the US isn’t really trying to mislead the public, it’s more the headlines that accompany this whole story that twist it all around. You aren’t doing much better.
This is a good point. I already addressed it here.
They are trying to marginalise supporters of Manning, Assange and Snowden. Pathetic attempt though.
Glenn Greenwald is awesome.
Maybe Paul Ryan should read this before he pops off about Trump not being “briefed” by our “intelligence ‘experts'” over the whole insanely stupid Russian hacking scam.
I have to agree. It would seem that those ‘experts’ have been consulting Curveball from Operation: They got tha WMD.
My investigation suggests that the Russian hacker who created the P.A.S. webshell allegedly used in the hack was a Ukrainian IT student from Poltava National Technical University (???????). The analysis is partly based on cryptographic proof; he signs his work with an SSL certificate with direct links to his internet and social media presence.
Did a Ukrainian University Student Create Grizzly Steppe?
https://antifasistit.blogspot.com/2017/01/did-ukrainian-university-student-create.html
LOL:
“If you type in the URL https://www.fbi.gov in your normal web browser, the IP address of your current internet connection will end up in the FBI’s web server logs….finally exiting the Tor network, and the IP address of a Tor exit node will end up in the FBI’s logs”
Actually, the FBI site has a CAPTCHA page in between that does the IP logging for them, so….
Then there’s that nationwide man-in-the-middle attack that they position right outside your computer switch. But they only use THAT when they get an exigent hot tip from one or another of their child porn/build-a-bomb/terrorist literature distribution partners (who don’t work for them, wink wink) who has already hacked the “suspect” multiple times without a warrant.
And this, likl fter years of monitoring from RAF Croughton in England where they attempt to manipulate each individual ‘suspect’ as HUMINT, until they bleed them out of information.
Then: parallel construction, and 6 am raids baby!
I had my suspicions about the media giants’ authenticity and accuracy when I noticed they seemed to be reporting things that were said on Saturday Night Live like it was the news. I think I started to notice it when Tina Fey was doing a skit as Sarah Palin and it seemed like news outlets picked it up like a news story, such as the story about seeing Russia from her back yard. Situations like this turn into instances where it is difficult to tell fact from fantasy.
After reading Micah Lee’s piece, it seems like it might be better to stick with the supermarket tabloids for the news.
I think I recall someone had complained about one of the tabloid’s story about them and sued for libel, and the court or the verdict was that everyone knew they exaggerated the news, so they couldn’t be held responsible for what they were saying.
I think from what Micah Lee said about profiteering journalism is really a danger, that they are actually defrauding the public with stories that don’t have any actual journalistic basis, sometimes just rumors, and they go viral on social media, making a lot of money for the journalist. This really is defrauding the public and the readers. Although there is freedom of speech, after a while, they will get a reputation as coming from LaLa land. It’s the “Boy who cried Wolf” over and over again.
Probably the only way it will stop is if there is some method of taking money away for false stories, essentially a fine of some sort, or at least not pay people to lie.
I think Rolling Stone magazine ended up with libel suits from Duke University, or members of an athletic team there for defamation of character and damages after they published a story about a gang rape which turned out to be baseless.
I think Facebook is talking about trying to weed out “Fake News”. Sometimes the “Fake News” is just failure to report the real news. This has been a constant complaint from media watchdogs and from some of the conservative media that there will be big news stories which are widely reported on talk radio and front page coverage by conservative leaning news organizations which aren’t even mentioned by some of the media giants such as the New York Times and Washington Post, or will have a small column heading buried back in the commerce section or some place in the newspaper that you really have to search for to find it. This was pretty frequent with the Obama administration for the last 8 years. Then the news was reporting that Obama supporters were saying that the Obama administration didn’t have any scandals and was transparent, while conservative news organizations and talk radio were reporting some kind of scandal every few days, if it wasn’t AG Holder being held in contempt of congress for not telling about what was going on in the Fast and Furious gun sales program which ended up with guns being used to kill border patrol agents and shootouts in Mexico, or the Internal Revenue Service processing of the charitable or educational organizations for tax exempt status. Also foreign affairs and the worsening of the international situation in the Middle East. So news organizations seem to have a slant on the news depending on their conservative or liberal stance.
Probably the biggest fake news business was the whole Clinton polling business during the campaign season when everyone was reporting a blowout election for Clinton while Trump was actually making a lot of progress and reaching traditional Democratic strongholds such as working people. All of a sudden, it seemed everything the big media had been reporting about the campaign was totally wrong. How wrong can you be?
Micah Lee has made an informed commentary of the situation. Hopefully it will be covered in the media, but I wouldn’t bet on it.
People are damaged by these stories, so someone needs to be responsible.
Mr. Lee states that he believes the US government, absent any credible evidence for their claims, but then demands evidence anyway. I find this lack of faith to be …. disturbing.
Trust but verify. *h/t Ray Gun
*good heavenly days benitoe, how strange the way of these peoples. .. they clamor for guidance and cling to obscure intricacies of knowledge when the Trump apocalypse is neigh 15 days away!!!
Trust but verify is an old Russian proverb. Hmm ….
“Mr. Lee states that he believes the US government, absent any credible evidence for their claims, but then demands evidence anyway. ”
I believe Mr. Lee has seen the evidence, but cannot disclose it for security reasons, so he is frustrated naturally.
This article is a cry for help for the masters to provide enough evidence constructed in parallel to make sure the truth is out there.
It’s time to amend Godwin’s law for the 21st century: Whoever mentions Russian hacking automatically loses the debate.
This is awful reporting. No one said that finding these IP addresses in your logs means Russians are attacking, and you flat out say that the reason why these IP addresses are listed is because they were used in the attack, not because they prove they were Russians. This is clickbait garbage at best.
One of the reasons I make a point of hitting foreign news websites (and foreign doesn’t mean just another country, it means another set of oligarchs, another set of priorities, another set of built in prejudices about who is good or bad) is you get to see how extensive the echo chamber can be for a PR effort (yes, it is possible that basically every news outlet in North America, Europe, Asia, and Latin America independently decided to do a story about the anniversary of the Guinness Book of Records, but that they all independently chose to feature the same records, in the same order, just doesn’t compute)
But it’s mainly because those different assumptions, and different pressures, lead to different sorts of articles
http://www.atimes.com/putins-year-triumphs/
Thank you for the link, confirming the ongoing childish idiocy that the CrookdClintO-trio ply upon Americans. As the rest of the world tries to move on and better itself, usexceptionalism folds into itself. It has “Mirror, Mirror On the Wall” programmed to its will!
Micah Lee: “So I searched my web server logs for the suspicious IP addresses, and I was shocked to discover over 80,000 web requests from IPs used by the Russian hackers in the last 14 months!”
Why is this shocking? One would expect hackers to use IP addresses in an anonymous network that is used by millions of people around the world. What better method is there for hiding the IP address from which the hack originated? It should be remembered that only a very small percentage of the users of an exit IP address in such a network would be considered hackers in the Grizzly Steppe report.
Is it possible for a hacker to fabricate an exit IP address? If so, this would make tracing the original IP address of the hacker more difficult because the exit IP address from an anonymous network would function as a false lead.
This! Just because you were contacted through an exit node, doesn’t mean thousands of others aren’t using those nodes as well…and some using them for less than savory purposes….
It was shocking before I discovered that all of the suspicious IPs in my logs were actually Tor exit nodes. All I knew at the time was that these were the IPs used by Russian hackers.
And here is how Micah manufactures propaganda –
” AFTER THE U.S. GOVERNMENT published a report on Russia’s cyber attacks against the U.S. election system, and included a list of computers that were allegedly used by Russian hackers, I became curious if any of these hackers had visited my personal blog.”
“It certainly isn’t proof that the same elite Russian hackers who compromised the Democratic National Committee and John Podesta’s email are also targeting your company.”
“It’s plausible, and in my opinion likely, that hackers under orders from the Russian government were responsible for the DNC and Podesta hacks in order to influence the U.S. election in favor of Donald Trump. But the Grizzly Steppe report fails to adequately back up this claim. My research, for example, shows that much of the evidence presented is evidence of nothing at all.”
And in his comments here Micah goes much further.
Sadly, I think the weaknesses in the government report are more likely due to incompetence than a serious attempt to mislead, as some of the comments here imply. Regardless, thank you for the explanation; I had only a vague notion of what the tor network is. I found your explanation simple to understand and informative. Thanks!
Thank you! I agree, I don’t think their report was intentionally misleading. As Robert Lee (CEO of security company Dragos) explains:
I’ll bet your blog’s view counter is getting a workout!
The Russians are surfing! The Russians are surfing!
Does that mean we’ll be seeing a ‘red tide’? We’ve definitely seen a flood of ‘yellow journalism’ with respect to Russia.
Micah, just want to make sure you actually think that Putin was megalomaniac to think that a small Russian operation could overwhelm the over $6 billion spent legally ‘meddling’ in the American election, the who knows how much unreported spending ‘meddling’ in the American election by those who had a stake in its outcome, the effect of basically every PM, President, and King making it clear (with varying degrees of bluntness) that they’d prefer Clinton won, and was prescient enough to direct the operation to use only the low level (the equivalent of a phone call from an African Princess wanting your help getting money out of her country) hacking on the DNC headquarters because he knew what would be discovered there, plus, I’m guessing, .01% of the ‘fake news’, would turn a slam dunk for Hillary into an upset win for Trump.
Or are you just including that line about believing that in an effort to avoid being labelled a Putin stooge for questioning the official line about who did it while eviscerating the ‘evidence’ that is supposed to sell that line to the masses?
Well put. Some serious cognitive dissonance going on there.
Arriba and Viva Russia (and Vladimir Putin) while the usa governance and the dead six kosher-usa mainstream media lapdogs that are devotionally practicing the fabricating/manufacturing of manipulation, propaganda, disinformation, false news and fake news, even at a high diplomatic level leveling accusations and fabrication of narratives/fake-news that all the usa is able to come up with is no evidence which is the epitomy/epitome of UNSUBSTANTIATED PLUS SUBSTANTIATED FALSEHOOD against Russia for standing for what is right. — Alejandro Grace Ararat
Now that there is a near-comprehensive list of Tor exit-node IPs, will it now be harder to use the network? I mean that now people who are less educated on the finer workings of the internet may just have their network security guys just block every IP on that list from accessing their servers. I don’t know anything about it but it seems like a legitimate question. Feel free to correct me.
Interesting point. I do volunteer editing on Wikipedia, and they block TOR connections from editing anonymously to avoid people circumventing IP-blocks for vandalism by routing their connection through TOR, so it’s definitely possible. My knowledge on this subject is limited though.
Like I mentioned in the article, “All Tor nodes that make up the Tor network are completely public.” It’s already trivial to block people visiting your website from the Tor network, and many websites already do (like viewing LinkedIn profiles, posting to Pastebin, etc), and many many more websites require Tor users to type in CAPTCHAs to access them (like Google search, nearly everything behind Cloudflare, FBI.gov).
Here is the list of all current exit node IP addresses: https://check.torproject.org/exit-addresses
“The U.S. Government Thinks Thousands of Russian Hackers May Be Reading My Blog. They Aren’t.”
ummm..seriously… why would they? I don’t read your blog, but what is on your blog of interest to Russian hackers? Seriously..
Of all the possible points in the article, that’s the one you choose to criticize? The whole point of that sentence is that if you assume these I.P.s only come from Russia, then all of the people using those exit nodes should be russians, which is bonkers.
quote”Of all the possible points in the article, that’s the one you choose to criticize?”unquote
ummm…I asked a question. Maybe you should read it, instead of inventing something that wasn’t there.
Of course, if you have some spare change to the tune of $249+accommodations etc, you just might rub shoulders with some member who, at the height of intoxication, just might spit out a highly compartmentalized piece of information about this debacle…
https://fhl.global/the-safehouse/
On the other hand, one may want to revisit the best known axiom of Barnum.
Debbie Wasserman, among others who sabotaged Sanders, must be rolling on the floor in gut splitting laughter at the FBI, every single morning since she resigned from the DNC.
The background is the weirdest display of IPv4 addresses ever.
Usually it’s just 1.2.3.4, not 1[.]2[.]3[.]4.
For some reason, that’s how the IP addresses were written in the data provided with the original DHS/DNI report: https://www.us-cert.gov/sites/default/files/publications/JAR-16-20296A.csv
My guess is, they were used for regex matching – usually unnecessary to escape the periods or put ’em in character classes in IP expressions but still the only explanation that makes sense to me.
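Added example, not part of the original comments or of the DHS/DNI data: the bracketed 1[.]2[.]3[.]4 notation discussed above has to be normalized before it can be matched against web server logs or against the public exit-node list linked earlier in the thread. The indicator entries, exit-list snapshot and log lines are constructed samples using documentation address ranges, and the exit-list layout (`ExitAddress <ip> <timestamp>` lines) is assumed to match what check.torproject.org serves.

```python
import ipaddress
from collections import Counter

# Constructed snapshot in the assumed exit-addresses layout (fake fingerprints,
# documentation-range addresses).
SAMPLE_EXIT_LIST = """\
ExitNode 0011223344556677889900112233445566778899
Published 2017-01-03 02:11:09
LastStatus 2017-01-03 03:02:41
ExitAddress 192.0.2.10 2017-01-03 03:05:12
ExitNode AABBCCDDEEFF00112233445566778899AABBCCDD
Published 2017-01-02 21:40:00
LastStatus 2017-01-03 01:00:00
ExitAddress 198.51.100.7 2017-01-03 01:04:55
ExitAddress 198.51.100.8 2017-01-03 01:04:58
"""

# Constructed indicator list in the bracketed style, including a duplicate
# with stray whitespace and one malformed entry.
SAMPLE_INDICATORS = [
    "192[.]0[.]2[.]10",
    "198[.]51[.]100[.]8",
    "203[.]0[.]113[.]99",
    " 192[.]0[.]2[.]10 ",
    "not-an-ip",
]

# Constructed access-log lines (client address is the first field).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Jan/2017:10:00:01 +0000] "GET /blog/ HTTP/1.1" 200 5120',
    '192.0.2.10 - - [03/Jan/2017:10:00:09 +0000] "GET /feed.xml HTTP/1.1" 200 812',
    '198.51.100.8 - - [03/Jan/2017:10:02:44 +0000] "POST /comment HTTP/1.1" 302 0',
    '203.0.113.99 - - [03/Jan/2017:10:05:10 +0000] "GET /blog/ HTTP/1.1" 200 5120',
    '203.0.113.5 - - [03/Jan/2017:10:06:00 +0000] "GET / HTTP/1.1" 200 2048',
    '198.51.100.7 - - [03/Jan/2017:10:07:30 +0000] "GET / HTTP/1.1" 200 2048',
]


def refang(indicator):
    """Turn the bracketed 1[.]2[.]3[.]4 notation back into a plain string."""
    return indicator.strip().replace("[.]", ".")


def parse_indicator(indicator):
    """Return an IPv4Address, or None when the entry is not a valid address."""
    try:
        return ipaddress.IPv4Address(refang(indicator))
    except ValueError:
        return None


def parse_exit_addresses(text):
    """Collect every address that appears on an ExitAddress line."""
    exits = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "ExitAddress":
            try:
                exits.add(ipaddress.IPv4Address(fields[1]))
            except ValueError:
                continue  # skip malformed lines instead of aborting the run
    return exits


def split_indicators(indicators, exits):
    """Split the deduplicated, valid indicators into (tor_exits, others)."""
    parsed = {parse_indicator(i) for i in indicators}
    parsed.discard(None)
    return parsed & exits, parsed - exits


def triage_log(lines, indicators, exits):
    """Count requests per category so shared-infrastructure hits stand apart."""
    tor, other = split_indicators(indicators, exits)
    counts = Counter()
    for line in lines:
        fields = line.split(maxsplit=1)
        try:
            client = ipaddress.IPv4Address(fields[0])
        except (IndexError, ValueError):
            counts["unparsed"] += 1
            continue
        if client in tor:
            counts["indicator_tor_exit"] += 1   # shared by many unrelated users
        elif client in other:
            counts["indicator_other"] += 1      # worth a closer look
        else:
            counts["unlisted"] += 1
    return counts


if __name__ == "__main__":
    exits = parse_exit_addresses(SAMPLE_EXIT_LIST)
    print(dict(triage_log(SAMPLE_LOG, SAMPLE_INDICATORS, exits)))
```

A current snapshot of the exit list misses addresses that were exit nodes when a request was logged but no longer are, so older log entries need exit-list data from the same period.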
http://www.washingtontimes.com/news/2016/dec/14/craig-murray-says-source-of-hillary-clinton-campai/
@Micah, how do you explain this story? Is this “Fake News”?
Apparently not one rookie reporter or “intelligence expert” bothered to check out whether Murray had airline and hotel arrangements in DC during the time period claimed.
If anyone had done and found no evidence of his visiting DC, we would have heard that news shouted from the rooftops. Nothing. Silence.
This story was so rapidly dismissed by the MSM that the virtual ink wasn’t even dry before it was pushed down the rabbit hole.
Well he was at American University in Washington on the 25th September to present John Kiriakou with the Sam Adams Award.
http://samadamsaward.ch/2016/09/cia-whistleblower-kiriakou-honored-integrity/
But if I’m reading Wikipedia right, that’s too late to correlate with the leak.
https://en.wikipedia.org/wiki/2016_Democratic_National_Committee_email_leak
for same reason the elite lying criminal thieves would not confront the lies of WMD, would not confront their partners in theft wallstreet criminal home thieves, would not confront the lies about perpetrating regime change in many countries, refused to confront the sins of the TPP, refuse to confront the discrepancy of the collapse of building 7, they want to stay as far away from the murder of Seth Rich (imo) as possible for it may just reveal to Americans a pattern of betrayal and treason all the way back to JFK.
but somebody must know more
ecommcon
There’s no reason to believe either Assange or Craig Murray are lying. Their business is truth telling, and it would be disastrous for them if they developed a reputation of deception. The only reasonable counter-argument is that they don’t actually know who the real source is.
Exactly. But the article I posted has gone a little further in detail than previous reports. In this report, Murray is stating he RECEIVED the actual emails AND has knowledge of the leaker’s background stating he/she had “legal” access to the emails.
This points the finger directly at someone INSIDE the DNC.
@Micah Lee
Some dolt down-thread:
“Evidence isn’t ever really evidence unless it’s submitted for scrutiny.”
and
“If VPN’s work…why then would any hacker leave a trail of IP addresses, ever?”
This seems like a very straightforward observation and a very straightforward question, one that I’m puzzled hasn’t been addressed anywhere that I’ve seen – including here.
I’m not claiming to be an expert, far from it, but I do expect self-proclaimed experts like the US Government and The Intercept to be so, and to provide evidence to back up their claims and assertions.
I’ll gladly change my position on things when new information becomes available – but not until then.
If you have the resources to watch every workstation and server linked to a VPN simultaneously (in real time or retrospectively), along with all the (typically, essentially random) destinations and you are able to correctly identify every inbound and outbound packet at each step, you might be able to establish such a trail.
Does the NSA have such resources? Maybe, at least wrt to surveilling specific targets of extreme interest, although packet identification would still be very difficult if the VPN(s) were well-configured and busy.
Could any of the private security consultants who have allegedly established the “evidence” of the “Russian hacking” accomplish such a thing? Nope. Not a chance.
Thanks Doug. There’s entirely too much of this going on:
“Expert: a man who makes three correct guesses consecutively.”
– Laurence J. Peter
So I’ll go with this:
“Whenever a theory appears to you as the only possible one, take this as a sign that you have neither understood the theory nor the problem which it was intended to solve.”
– Karl Popper
“If VPN’s work…why then would any hacker leave a trail of IP addresses, ever?”
ummm.. they don’t.
https://www.usenix.org/system/files/conference/foci12/foci12-final8.pdf
That’s really not what the paper says, General.
What it does say is this:
And that’s all very true. However, as I said above, tracking an IP trail through a properly-configured VPN would require very substantial capabilities (beyond those of any private security consultants I’ve ever heard of) and be difficult even with those capabilities.
High-level, state-sponsored attackers are unlikely to use off-the-shelf, plain vanilla VPN services sold as commodities in every corner of the Internet. Nor should anyone else who seriously requires anonymity and anticipates that highly-capable opponents may try to defeat that anonymity.
I asked Micah to substantiate his belief in the “Russian hacking” story. I then noticed that he had attempted to do so in a reply to rrheard, down-thread. I posted my response there, but I don’t want it to get lost in the flow, so (self-important, arrogant jerk that I am), I’m copying it here:
Micah:
I haven’t seen any evidence that the DNC was hacked — no samples of the malware, no verified copies of the log entries or anything else on your list. Have you? If not, why do you believe it happened, other than believing what you have been told?
Micah:
This is all guessing and speculation — not a shred of evidence in the assertions. What the hell do you mean, “Of course all this exists?” How would you know? If you can’t tell us, why should we believe you are doing anything other than guessing or promoting unsupported claims for unknown reasons?
Micah:
Sheesh, Micah! APT28/29 (Fancy Bear, Sednit, etc.) are not people, groups of people or agencies! They are collections/categories/variants of similar malware. And they are available to many, in many forms, including in at least one case we know about in the form of source code! To say that they were used to hack the DNC is to say nothing at all about the identit[y|ies] of the alleged hacker(s). And, of course, again, we haven’t seen evidence of hacking, let alone evidence of what malware may have been used if there was a hack.
The “likely speak Russian,” and are “in a Russian timezone” assertions, even if true, are no evidence of anything, although if such traces were left, they would indicate to me that Russian state actors were very likely not involved. I assure you that, if the NSA were hacking a Russian system, and didn’t want to be identified, there would be no indication of the native language of the hackers and no way to know what time zone they were working in. Do you really believe hackers working for the Russian government are clueless amateurs?
If you don’t have any more than the above, I have to conclude that you don’t have any serious reason to believe what you do and (I’m sorry) that you really aren’t qualified to analyze matters such as these.
Thank you. This is a very clear response to another crappy article by a stooge for the status quo.
The spooks’ ludicrous propaganda is equivalent to claiming that Bill Gates personally sent every Word macro virus ever seen.
The CIA must think we’re all as dumb as senators.
Grin. Let’s see how TI is handling UTF this week:
???
Not handling UTF well. ;^(
Thanks Doug. Besides, if we’re going to assert anything based on probability and hunches rather than actual proof, here’s a silly exercise:
a) As Micah puts it indirectly, the probability of Russians having hacked the DNC is near 1%, on account that they “might” have done it. 1% for “it shouldn’t be excluded despite having no proof”.
b) The probability, based on past behavior, that the CIA lied through its teeth regarding the hack is near 99%. Just in case, for once since their inception, they said the truth. As if but let’s be fair.
Based on such probabilities, should anyone in their right mind listen to the CIA and give them any credit? C’m’on, think hard…
What flagged the whole thing as an almost certain hoax for me even before the ‘evidence’ (and the debunking of said ‘evidence’) started flowing across the internet was the combination of megalomania and prescience that Putin would have had to have to even try. Think of it, he had to believe that he could put together an operation that would have to better what the most advanced, well funded, experienced propaganda services in the world were all busy doing, and then know he had succeeded when the entire polling industry said that he had failed.
While I can (sometimes) suspend my disbelief to enjoy a good movie, book, show, asking me to believe that dancing, singing, magic using dinosaurs exist in reality seems an awful lot, especially when the alternative is to believe that a combination of arrogance and incompetence on one side, and a willingness to say anything to sell a con on the other, won the election by the strange rules of the American system.
Wow nice Bayesian statistics you conspiracy theorist tool
There are some things that are reasonably known, but there are a lot of gaps:
1) FancyBear exists. They even have a website.
2) FancyBear malware was in DNC computers.
3) FancyBear is apparently who sent the phishing email to John Podesta.
4) FancyBear is very busy and they target sites with political relevance.
5) FancyBear looks a little bit too Russian. They leave a lot of Russian text behind, like clues to be discovered.
6) FancyBear is pretty sloppy in other ways. It was possible to discover all their other phishing targets. Their websites and personas are silly and amateurish.
What’s not clear:
1) Is FancyBear a hacktivist group (either Russian, or one that pretends to be Russian, say, a Ukrainian group) or a state directed operation?
2) Was FancyBear the source of Wikileaks material, which Wikileaks denies?
If there was absolutely no trace evidence that “Russian” hackers were attempting to breach the security of numerous government agencies and elected officials, then I would be far more concerned. All major intelligence agencies routinely engage in cyber reconnaissance of their allies and enemies; it is an essential first step of cyber espionage.
In regard to the emails stolen off of Hillary’s server, I would not be surprised that multiple parties had access to that data. The fact that Clinton and her team went to great lengths in the effort to hide her breaches of national security, speaks to the degree to which she believed that she was legally culpable and politically vulnerable for her gross “lapses in judgement.”
In regard to like circumstance wherein the communication of other prominent American politicians are being routinely intercepted, I would refer everyone to the testimony of NSA whistle blower Russell Tice. According to Mr. Tice, the NSA has been routinely intercepting the communications of prominent politicians, industrialists, bankers, intelligence officials, and military officers for decades. Tice also reveals that, more recently, the NSA has acquired the necessary power and infrastructure to monitor and store all digital communications across the globe in real time. If all of this were not bad enough, it is also alleged by Tice that politically compromising information is used by the upper echelon of the NSA (e.g. General Alexander) to manipulate the American political landscape on a grand scale.
https://www.youtube.com/watch?v=g1Lurd5QvZA
Blaming the Ruskies for that which the NSA is most likely guilty – covertly feeding Clinton’s emails to Wikileaks – is standard intelligence tradecraft.
Nice job, Micah.
But it would really be nice if people didn’t continue to use phrasing like:
“It certainly isn’t proof that the same elite Russian hackers who compromised the Democratic National Committee and John Podesta’s email are also targeting your company. ”
There is, of course, no evidence “Russian hackers” did any such thing. The word “allegedly” cures this fallacy:
“It certainly isn’t proof that the same elite Russian hackers who allegedly compromised the Democratic National Committee and John Podesta’s email are also targeting your company.”
There … fixed it for ya.
I think Micah used that phrase deliberately. This article is an example of double speak. While pretending to do the exact opposite, Micah is peddling the lie of Russians hacking the DNC and John Podesta.
Seventeen separate agencies and a private security firm have all traced the hacks to the Russians. That’s 18 groups of experts who have their professional reputations on the line. And then there’s the Intercept, who, if I’m not mistaken, aren’t cyber intelligence experts. Will you at long last stop covering for Putin and Trump? I wouldn’t be surprised if the Intercept was getting back channel money from the Putin regime. And this is coming from someone who wasn’t a Hillary supporter. This is coming from somebody who cares about facts.
This is why I wrote, “It’s plausible, and in my opinion likely, that hackers under orders from the Russian government were responsible for the DNC and Podesta hacks in order to influence the U.S. election in favor of Donald Trump. But the Grizzly Steppe report fails to adequately back up this claim.” I think that if these government agencies didn’t just publish their conclusions, but also enough of their methodology and data so that people could reproduce their conclusions, this would be so much harder to argue against.
I’m baffled that your article was about the very lack of any solid evidence, yet you conclude not only that the Russians did it–whatever “it” is. That has yet to be explained–but that it was ordered by the Russian government itself.
How could you possibly be so sure who ordered it?
Yes, we could have Tom Cruise in a moment of courage brazenly ask Putin on the stand if he ordered the code red. Then we’d know for sure; you’re goddamn right we would.
I’m sure these agencies are sharing info and working to reproduce the conclusions across the different agencies. But, simply laying bare all their methods and all their data for all the world to see is not how intelligence works. You don’t want the people you’re investigating to be aware of your investigative methods. They’ll simply adjust their operations to hide themselves better. Look, there’s just no good reason for a bunch of cyber intelligence nerds to be in on some grand scheme to undermine Donald Trump and Vladimir Putin. They’re just professionals doing their jobs. Simply putting CIA or FBI on an action doesn’t make it nefarious.
The word “plausible” opens up a bottomless pit. Any number of “plausible” explanations can be imagined, virtually without limit. But that tells us nothing about what really happened.
Example:
Gaining access to Podesta’s machine would have required no more than making a few attempts to log in using obvious, dumb-ass credentials of the kind dumb-ass people persistently tend to use. Imagine some casual hacker’s amusement to find Podesta was actually using (if you can believe it) super dumb-ass credentials like these:
Login ID: jpodesta
Passwd: p@ssw0rd
How many guesses to hit that dumb-ass combo — 10, 20? Assange said a 14 year old could get into this box. And he’s right.
Why reach for “Russian hackers” to explain how email on that machine was hijacked when the only question is how many times that machine was owned on behalf of how many people from how many nations? The whole world could have been in and out of that machine and Podesta would have been none the wiser.
Oh, and here’s the really astonishing thing: his admin KNEW he was using these dumb-ass credentials. I assume this is the same admin who also mistakenly told Podesta to open a phishing email when he really meant to say NOT open it.
But “Russian hackers” come to the top of the “intelligence agency” list as the single most “plausible” explanation for how the emails got pilfered? Really?
No. Let me suggest the most “plausible” explanation is compound, cosmic stupidity. Who took advantage of that stupidity could “plausibly” be a cast of thousands, half of them from China.
@ Micah Lee
As far as I’m aware “17 intelligence agencies” have not independently stated that they have undertaken an investigation of the hacks/leaks, and it is the independent (and consensus) conclusion that all 17 believe these hacks/leaks were a) carried out by Russian government operatives, and/or b) for the purpose of swaying the election to Donald Trump.
I have seen the ODNI’s James Clapper claim to speak for those, unnamed 17 agencies, as DNI, but the only “intelligence agencies” I’ve seen even weigh in on the topic are FBI (is this really classified as a US “intelligence agency” because I thought it was federal law enforcement), CIA, ODNI and obliquely (and not one way or the other) an anonymous source from the NSA.
So if you could please provide a link to the list of those 17 US Intelligence Agencies and their independent and/or signed consensus opinions it would be greatly appreciated.
If you care about facts, as you say, you should have said “Seventeen separate agencies WHO ARE INFAMOUSLY UNTRUSTWORTHY and a private security firm WHO OBVIOUSLY MAY HAVE AN AGENDA have all CLAIMED THEY HAVE traced the hacks to the Russians WITHOUT PRODUCING ANY EVIDENCE OF THIS” instead of what you wrote.
Are they infamously untrustworthy though? Are you going to argue that a group of cyber intelligence professionals who were tasked with sourcing these hacks are all DNC shills? Across 17 agencies and a private company, all of the probably dozens of people working on this are in the pocket of the DNC? Please stop with the conspiracy theories. That’s how we ended up with the soon to be occupant of the White House in the first place. And you obviously know nothing about how intelligence agencies work. The evidence has been produced to both Obama and will be to Trump on Friday and has been to members of the Congressional intelligence committees. That’s because some of it may be classified and making their methodology public, would make it easier for cyber criminals to avoid detection. Enough with hard left and hard right conspiracy mongering.
Enough with your gullibility!
The theater of left versus right is absolute nonsense and needs to be transcended, and respect for governmental or corporate institutions is a hallmark of childish worship of authoritarian manipulators.
Support for either the “left” or the “right” (in simple terms either Democrats or the GOP) in this scenario means you accept a false paradigm.
And I do know how intelligence agencies work. They are often guilty of subterfuge, lies and even murder.
You could make it up, but you don’t have to. ;^)
Congratulations, Marco. You win the Most Ridiculous Comment of the Day award for Wednesday (so far).
No Doug, I think buying into conspiracy theories about the evil intelligence community being out to hurt poor little Donald and Vladimir is the most ridiculous thing of the day so far. I’ll take a page out of your book: where’s your evidence the Intercept isn’t paid off by Putin? Huh, huh. See, conspiracy theories can go both ways. This whole issue has been a real lesson in how the hard left and the hard right have way more in common than they have differences.
Marco, I’d suggest you head over to the Innocence Project, and read a few of the files about cases where the people were convicted, and spent decades in prison, for crimes that it has been proven they didn’t commit. You’ll see, time and time again, separate experts (including scientists) and witnesses who were convinced by the ‘knowledge’ that that person was guilty to obfuscate, distort, or ignore what their own eyes/skills were telling them because that didn’t support the ‘known’ guilt. Instead, they’d either focus solely on the things that suggested guilt was possible, and ‘sex it up’, or outright lie in order to help convict someone who was in fact innocent.
One major flaw in your argument is that those agencies and firms actually expect any risk to their professional reputations, even if they’re blowing smoke and don’t actually have any real evidence. I don’t watch the MSM but I’m assuming outside of rather niche areas like this most news are reporting the russians behind the hacks as fact?
In any event James Clapper outright lied to Congress, a felony. He still has his job. Others have destroyed videotape evidence, tortured people, etc. Still have their jobs, no criminal charges filed, some even promoted. Despite now having professional reputations of lying to Congress, torturing people, and destroying evidence.
So why on earth would they be scared of any consequences even if it comes out that they were deliberately misleading the public on how strong their case of Russia behind this is? What precedent is there? None.
The people that lead the agencies aren’t the ones tasked with investigating the cyber attacks. There are computer and IT experts who do that. What do they stand to gain by helping the DNC? The Democrats are out of power. Given Trump’s authoritarian style, he’d be likely to sack anyone involved with this investigation. These people are cyber intelligence analysts, not mustache twirling tools of the “Empire.” This is all silly nonsense. Look, if it were Russian or Chinese intelligence agencies accusing U.S. or Western powers of hacking into their affairs, you people would swallow it whole cloth. Because ideology means more to you than common sense.
What you’re lacking is intellectual rigor.
That’s imprecise. At best, they can trace hacks to hackers who appear to be Russian, but they don’t seem to know if and how they are connected to the Russian state.
This comes to show you’re willing to concoct and believe ridiculous conspiracy theories, and fling serious accusations, without one shred of evidence. Again: anti-intellectualism 101.
What’s intellectually rigorous about just believing doubts thrown out by a reality TV star turned U.S. President and a Russian autocrat without them providing any credible reason for those doubts? And I’ll point you to my statement, I said I wouldn’t be surprised if the Russians were funding the Intercept. Not that they are for sure, just that I wouldn’t be surprised. Now who is lacking “intellectual rigor?” These are dozens of well-trained cyber security experts, they aren’t intelligence operatives. I’ll believe them over 100 ideologically driven news magazines.
The Russians aren’t funding the Intercept.
The dozens of “well-trained cyber security experts” are (1) jumping to conclusions they have no basis to make, and (2) are in the business of scaring people about cyber-security threats.
Let us make it 17 groups have their reputation on line. Paraphrasing a former CIA operative: We will have done our job when everyone believes only what we tell them. One of my communication professors of old said when you lie you lose credibility.
You have confessed that this opinion is not backed by any technical data, which makes it glaringly odd – particularly since your field of expertise is computer science and not political extrapolation.
Thanks for letting us know that you KEEP logs and don’t immediately destroy them. Knowing this, in the interest of real privacy, we should either NOT visit your site or use TOR (but not without an additional proxy and obfuscation).
IndyMedia set a policy of keeping no logs in 1999.
It was wise then and wise today.
Could it be that one of those “hackers” reading you via TOR is @ioerror ?
btw – you are one of the individuals who should be trying to restore him as a whole member of the privacy community by admitting your error in the recent effort to silence him with a shitstorm of unsupported and childish allegations, that have since been disproven – but he remains an outcast because people like yourself are not capable of admitting the grievous error they’ve made.
Jake Appelbaum has done more to spread the knowledge liberated by Snowden than all of The Intercept_
We still have the videos, and the leaks he shared that even The Intercept_ didn’t dare touch.
https://www.indybay.org/newsitems/2014/08/30/18760904.php
The US Government is in the business of defrauding and bilking American citizens.
WMD
WAR FRAUD
HUGE MILITARY BUDGETS AND OVERRUNS
NATO
INCOMPETENT CORRUPT CONTRACTS FOR CONTRIBUTORS
UNNECESSARY & COUNTERPRODUCTIVE & THIEVING FOREIGN POLICY
TPP STYLE TRADE DEALS
WALLSTREET FRAUD & BAILOUT
The US government run by the crooked corrupt criminal dumb&dumbers are bankrupting the people of the America.
http://www.zdnet.com/article/no-smoking-gun-for-russian-dnc-hacks/
The U.S. government’s primary businesses are fraud, and theft. The U.S. is also the largest state sponsor of terrorism the world has ever known. The U.S. security state makes U.S. citizens less safe, not more safe. It is also a large contributor to pushing the federal government closer and closer to insolvency, thus making U.S. citizens increasingly less economically secure.
it is my observation that the wallstreet fed reserve zionista owners of the fraudulent US currency are simply printing money for the military and foreign policy thieves and effectively torpedo’ing mainstreet and dont really give a darn. They have a flippant arrogant attitude and the sinister expressiveness. Their magic solution is to declare russia an enemy, print money for nato thieves, then have wars and call dead Americans heroes.
what a scam.
I get the feeling that someone is sharing information that is so top-secret they can’t reveal the source or even the existence of the slam dunk they know exists.
Schwartz, and now Micah, persist in asserting their belief the Russians wanted to influence the election yet acknowledge they have no solid evidence.
This is how propaganda is manufactured and distributed; willing tools.
also the dumb&dumbers just giving it away
US government subcontractor leaks confidential military personnel data
http://www.zdnet.com/article/us-government-subcontractor-leaks-confidential-military-personnel-data/
What, you don’t wholeheartedly believe that you were hacked by the Russkies!? Are you now or have you ever been a Putin stooge?
Micah, as can be seen just below, some regular readers and commenters wonder about the basis for your statement:
Especially coming, as it does, after you carefully refute the notion that the “suspicious IPs” constitute evidence (of anything), making that statement without explanation or supporting evidence seems particularly odd — and that’s the most polite thing I can say about it.
I think you should tell us why you think that “hackers under orders from the Russian government were responsible for the DNC and Podesta hacks in order to influence the U.S. election in favor of Donald Trump,” and be prepared to defend your reasoning. To fail to do so will be to significantly undermine your credibility wrt matters such as the one under discussion.
Just so it’s clear, I think the notion is implausible and unlikely and I’m prepared to explain why I think that. However, I didn’t make the initial claim, you did, so. . . you go first.
http://www.nytimes.com/2016/12/12/world/europe/rex-tillersons-company-exxon-has-billions-at-stake-over-russia-sanctions.html
“Exxon Mobil has various projects afoot in Russia that are allowed under American sanctions. But others have been ground to a halt by the sanctions, including a deal with the Russian state oil company to explore and pump in Siberia that could be worth tens of billions of dollars.
Russian officials have optimistically called the agreement a $500 billion deal.”
please pay attention
Please learn to pay attention to matters actually under discussion, rather than to your imagined explanations for claims without evidence.
Or don’t, but, if you don’t, try not to waste space on the page with irrelevancies.
Don’t pollute The Intercept with links to fake news sites like “nytimes.com”
the Murder of SETH RICH is the key
This piece is amusing since I am a regular reader of your blog here and on your personal website. I have left several comments and I know I’m not a Russian hacker. I live in the States! The Government is nuts sometimes.
How do you know you’re not a Russian Hacker? You might be one of the reasons for the proposed changes in Federal Rules of Court Procedure 41 – if you somehow allowed them to pwn yr computer.
@Micah
If this statement is true,
then, why do you come to this conclusion?
Aren’t you simply making an unfounded assertion in the very same manner as the U.S. Government?
My thought exactly.
I wonder much that some of these “on the other hands” act as disclaimers so that TI does not catch too much heat. As if to let the gov believe they are saving face with a slight change of clothes. Or so as not to be branded by government and msm extremists.
Either one of your two statements is incorrect or you are relying on an unfounded assertion of the U.S. government as well as other unfounded assertions in the media.
The only other alternative is……you’re guessing. Is that what you want us to really believe? I hope not.
“It’s plausible, and in my opinion likely, that hackers under orders from the Russian government were responsible for the DNC and Podesta hacks . . ”
You could have mentioned that Craig Murray (who delivered the email data to Wikileaks) and Julian Assange have totally denied this,
See
https://www.craigmurray.org.uk/archives/2016/12/cias-absence-conviction/
and also the recent (yesterday) interview of Assange by Sean Hannity,
https://www.youtube.com/watch?v=Dg6gu3qY7rA
Micah Lee
Most of the regular readers here trust your judgment about these issues more than we ever would our government. So, in good faith, could you please explain why you make the following statements:
AND
So, again, in good faith:
1) Why is it “clear to you that there is a much larger body of evidence against Russia that [the US government is] not publishing yet.”?
2) What “much larger body of evidence”, if any, exists other than “intercepted emails or phone calls from within the Kremlin, or more complete technical details that connect dots directly to the Russian government.”?
3) Why if such a “body of evidence” does exist would the US government not publish it? If everyone, including the Russians, knows the NSA can tap anything and everything (realistically if not literally), then what harm is there to “intelligence methods or sources” to publish that “large body of evidence” if it in fact exists?
4) Given 1)-3) above what evidence available now makes you advocate this level of personal certainty: “It’s plausible, and in my opinion likely, that hackers under orders from the Russian government were responsible for the DNC and Podesta hacks in order to influence the U.S. election in favor of Donald Trump.” with regard to both the motive (influence to benefit Trump) and ultimate culpability (“under orders from Russian government”).
Thank you in advance. Genuinely. I don’t trust the US government to be honest (because they have a long and verifiable well-documented track record of being both dishonest and wrong particularly on issues concerning Russia), but I have no reason to doubt your honesty and intellectual integrity at this point, assuming you can give reasonable answers to the above questions.
@ Micah Lee
Follow up question:
5) Can Tor nodes be penetrated in such a way by the NSA or someone else in such a way as to defeat the purpose of TOR to disguise a true internet IP address?
6) What is the technological difference and/or difference in purpose between the “1000 Tor exit nodes” in operation today and the approx. “6000 other type of Tor nodes” that would constitute the “7000 total Tor nodes” you said are in operation today.
Thank you again.
@ Micah Lee
Last follow up question.
7) Given that the world is/has long been aware of some of the NSA’s capabilities and capacities, do you really believe that if the US, or Russia, were to desire to interfere in another country’s election that the “orders” to do so would come from an e-mail or telephone address traceable to either the White House or Kremlin, because you stated that the following could exist “such as intercepted emails or phone calls from within the Kremlin”.
I mean is “spycraft” that predictable that when nation’s spies and spy agency heads decide to undertake a particular bit of spying or intelligence work that they give their orders from their “agency phone numbers” and “e-mail accounts”? Seriously?
I would think at the very least the NSA, CIA and every other alphabet agency or intelligence functionary would be engaging in high risk operations using something exactly like Tor so that they can have plausible deniability if it blows up in their faces. And if they aren’t isn’t that particularly weak “intelligence” work or “spycraft”.
I mean if our intelligence agencies and agents are really as bumbling and stupid as those painted out in Burn After Reading and they have such a long and distinguished and well-documented history of being catastrophically wrong, outright lying, or fucking shit up unnecessarily, why should anyone have any faith whatsoever that those agencies are actually working in the American people’s best interest, or to even “protect us”?
Do you honestly believe that’s the purpose of America’s multiple “intelligence agencies” are designed or used to “protect the working class people of America”? I hope not, otherwise I have some very large pieces of very unstable bridge to sell you.
These are a lot of questions, and none of it has to do with the primary topic of this article. But I’ll give it a shot:
1 and 2: DNC was hacked. There is a lot of evidence that gets created when something like this happens: malware samples, network logs, system logs, data from workstations, servers, and routers. There are probably suspects, interviews, and surveillance that went into the investigation as well. Of course this all exists, but barely any of this is public. If more of it were public, it would be easier for the public to independently verify the claims. But yes, of course there is a ton of evidence that isn’t public.
3: The investigation is still on-going. It’s all classified. They don’t want to expose their sources and methods, because if they do that they risk losing them in the future. (Also, NSA isn’t magic. Obviously they can’t tap anything and everything, especially if their sources and methods have been blown and their targets take countermeasures.) I’m arguing that it’s worth it, if it means they can publish more evidence.
4: There is strong evidence that APT28/29 hacked the DNC, but much weaker evidence that they work directly for Putin. There’s also a lot of circumstantial evidence: attackers probably speak Russian, are likely physically in a Russian timezone, etc. I’m definitely not taking the CIA/FBI/Obama admin at face value, but I also don’t think their statements are just meaningless lies. So I don’t know for sure, but I think it’s likely.
5: Sometimes, especially if the attacker runs malicious nodes and comes up with clever attacks. This is an area of constant new security research. But in any case, Tor represents the state of the art of anonymity research.
6: There are 7000 Tor nodes, all of which make up Tor circuits to route traffic, but only 1000 of them are configured in such a way to let traffic exit out of the Tor network. So only exit nodes will be making connections to the public internet, the rest of them only help route traffic through Tor.
7: You think 100% of Russia’s top secret communication is face-to-face? If not, then they must use digital networks to communicate.
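The exit/non-exit distinction in answer 6 above, as an added example that is not part of the original comments or the article's own code: it reads relay entries in the layout of a Tor network-status consensus, keeps the relays carrying the `Exit` flag, and labels each address from an indicator list accordingly. The consensus excerpt, the indicator list and all function names are constructed for illustration, and addresses come from documentation ranges.

```python
import ipaddress
from collections import Counter

# Constructed excerpt in the layout of a Tor network-status consensus:
#   "r" line: nickname, identity, digest, date, time, IP, ORPort, DirPort
#   "s" line: flags assigned to the relay on the preceding "r" line
# relayE carries a deliberately malformed address to exercise error handling.
SAMPLE_CONSENSUS = """\
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2017-01-04 10:00:00 192.0.2.10 9001 0
s Fast Guard Running Stable Valid
r relayB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2017-01-04 10:05:00 192.0.2.20 443 80
s Exit Fast Running Valid
r relayC EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2017-01-04 10:10:00 198.51.100.5 9001 9030
s Fast Running Stable Valid
r relayD GGGGGGGGGGGGGGGGGGGGGGGGGGG HHHHHHHHHHHHHHHHHHHHHHHHHHH 2017-01-04 10:15:00 203.0.113.9 9001 0
s Exit Running Stable Valid
r relayE IIIIIIIIIIIIIIIIIIIIIIIIIII JJJJJJJJJJJJJJJJJJJJJJJJJJJ 2017-01-04 10:20:00 999.1.1.1 9001 0
s Exit Running Valid
"""

# Constructed indicator list (stand-in for a published list of suspicious IPs).
SAMPLE_INDICATORS = [
    "192.0.2.20", "203.0.113.9", "192.0.2.10",
    "203.0.113.200", " 192.0.2.20 ", "not-an-ip",
]


def parse_relays(consensus_text):
    """Return one dict per well-formed relay entry: nickname, ip, flags."""
    relays = []
    current = None
    for line in consensus_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "r" and len(fields) >= 9:
            try:
                ip = ipaddress.ip_address(fields[6])
            except ValueError:
                # Skip the entry and make sure its "s" line is not attached
                # to the previous relay.
                current = None
                continue
            current = {"nickname": fields[1], "ip": ip, "flags": set()}
            relays.append(current)
        elif fields[0] == "s" and current is not None:
            current["flags"] = set(fields[1:])
    return relays


def classify_indicators(indicators, relays):
    """Label each indicator: tor-exit, tor-non-exit, not-in-consensus, invalid.

    Simplification: a relay may exit from a different address than the one on
    its "r" line; this example only compares against the "r" line address.
    """
    exit_ips = {r["ip"] for r in relays if "Exit" in r["flags"]}
    relay_ips = {r["ip"] for r in relays}
    labels = {}
    for raw in indicators:
        text = raw.strip()
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:
            labels[text] = "invalid"
            continue
        if ip in exit_ips:
            labels[str(ip)] = "tor-exit"
        elif ip in relay_ips:
            labels[str(ip)] = "tor-non-exit"
        else:
            labels[str(ip)] = "not-in-consensus"
    return labels


def summarize(labels):
    """Return (Counter of labels, share of valid indicators that are exits)."""
    counts = Counter(labels.values())
    valid = sum(n for label, n in counts.items() if label != "invalid")
    share = counts["tor-exit"] / valid if valid else 0.0
    return counts, share


if __name__ == "__main__":
    relays = parse_relays(SAMPLE_CONSENSUS)
    labels = classify_indicators(SAMPLE_INDICATORS, relays)
    for ip, label in sorted(labels.items()):
        print(f"{ip:15} {label}")
    counts, share = summarize(labels)
    print(f"exit share of valid indicators: {share:.0%}")
```

A hit on a `tor-exit` address in a web log identifies the relay, not the person behind it, since every Tor user leaving through that relay shares the same source address.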
Micah:
I haven’t seen any evidence that the DNC was hacked — no samples of the malware, no verified copies of the log entries or anything else on your list. Have you? If not, why do you believe it happened, other than believing what you have been told?
Micah:
This is all guessing and speculation — not a shred of evidence in the assertions. What the hell do you mean, “Of course all this exists?” How would you know? If you can’t tell us, why should we believe you are doing anything other than guessing or promoting unsupported claims for unknown reasons?
Micah:
Sheesh, Micah! APT28/29 (Fancy Bear, Sednit, etc.) are not people, groups of people or agencies! They are collections/categories/variants of similar malware. To say that they were used to hack the DNC is to say nothing at all about the identit[y|ies] of the alleged hacker(s).
The “likely speak Russian,” are “in a Russian timezone” assertions, even if true, are no evidence of anything, although if such traces were left, they would indicate to me that Russian state actors were very likely not involved.
If you don’t have any more than the above, I have to conclude that you don’t have any serious reason to believe what you do and (I’m sorry) that you really aren’t qualified to analyze matters such as these.
1. hacking someone’s login email account would be accomplished using any number of VPN tunnels from any number of services so there is absolutely ZERO chance of pointing to any country.
2. hacking an email server would be accomplished by another email server specially crafted for exploiting vulnerabilities in those protocols. Such a server might be found in Ukraine.
3. The Chinese are actually much better at barnstorming servers than anyone else.
Sure – Russia could have done it, so could a guy in Argentina, or Brazil, or Malaysia, or France – IF it was hacked at all. But imo, this is a distraction for getting away from and staying away from the inside job and the murder of Seth Rich.
ecommcon
BuzzFeed reports that all of the assessment of the DNC servers comes from Crowdstrike: the FBI never sought access to the servers. So all of the forensic assessment of the servers comes from a private company hired by a political party during an election at a time when they desperately needed a narrative to counter forthcoming publications that were likely to be damaging.
I don’t know why you conclude it’s “likely” when you’re aware of all the ambiguities of the evidence and the fact that it’s circumstantial. You’re presumably also aware of all of the possibilities of spoofing/false flags and the like. It seems to me that your assessment that it’s “likely” is a personal choice, a belief that you choose to embrace.
Source: https://www.buzzfeed.com/alimwatkins/the-fbi-never-asked-for-access-to-hacked-computer-servers?utm_term=.gjR6bnZb0#.vg9QW3AWE
Of course it’s a personal choice. There isn’t enough information to be sure one way or the other. That’s why I said “in my opinion.”
I meant a personal choice based on what you WANT to believe. When I form an opinion based on my best assessment of the evidence I don’t describe it as a “choice”. Choice has an element of personal preference.
Thanks to all those who’ve made excellent comments on this.
A lot of people trust what you say Micah, perhaps because you write for The Intercept. I want to trust your “opinion” Micah. But you’re not telling us why this is your opinion. And RRHeard has asked you simply to state why your opinion is that the Russian hack is likely. And your answer is just that “there is evidence” and you don’t provide any.
I’m no hacker, but it seems like it would be quite simple to add an update to your article and clear up the confusion that you’ve generated in your readers, as to why you are of the opinion you’re presenting.
“And your answer is just that “there is evidence” and you don’t provide any.”
I believe firmly that Micah has been given a peek at some ‘top secret’ information by CFR Intern Matt Schwartz after one of his field-trips to the CIA.
Micah seems to be saying I know it’s true but if I tell you how I know I’d have to kill you …
If you believe that a foreign government hacked the DNC with the intention of putting their preferred candidate in the White House, why do you think it was the Russians, rather than, say, a certain other government that has a history of intervening in American politics? You know, that one whose leader cooperated with the Republicans in an effort to undermine the authority of the present President. Or do you fear the ‘anti-Semite’ label as much as you appear to fear the ‘Russian stooge’ one?
Well that was a waste of time. We already knew from other reports about the many apparently benign IP addresses in the Grizzly Steppe document. After all this, the article concludes with the assertion that the Russians most likely intervened in order to get Trump elected. The assertion that the Russian leadership wanted Trump to win is one of those unexplored assumptions (like “The Clinton Foundation does good work”) that is hauled out repeatedly to fill a gap in the evidence. I’m not really convinced that the Russians cared that much about who came to power, and some may have actually preferred Clinton. Some Russian commentators have explicitly said that Clinton was preferred, for varying reasons – she is a known quantity, has experience in international relations, and would guarantee the continuing decline of US hegemony. You need to at least make the argument; we don’t all accept these kind of assertions without question.
Davos. Damn autocorrect!!!
Frankly my dear, I don’t give a damn about who found the filth that WL exposed. The shit that the corporate part of the D party did to Senator Sanders is what gave the USA the Trumpstr, not Russia or anyone else. Trump is the first non “sock puppet”, perhaps, ever. He is a renegade part of the power structure but it will be hard for him to be worse than any P since LBJ for the working class. Personally, I am hoping isil blow’s up Davis when they are all there!
Yes, good. Reveal that “report” for the blatant fraud it is. But as virtually all other commenters point out, your opinion that “it’s…likely that [blah blah Russia blah hax0red Hillary blah blah]” remains fully unsupported and serves only to advertise your unthinking faith in the latest round of propaganda.
“It’s plausible, and in my opinion likely, that hackers under orders from the Russian government [was] responsible for the DNC and Podesta hacks in order to influence the U.S. election in favor of Donald Trump.”
Please provide your reasons for making this claim.
On another note: I am using the latest Opera browser with integrated VPN and have wondered about its efficacy. If I go to your blog (I just did a bit ago) will it show my actual IP address or the one provided via SurfEasy, the VPN provider that the Opera browser uses?
If VPNs like this do work, have been around for quite a while, and are inexpensive (in my case, free) and are becoming more ubiquitous, why then would any hacker leave a trail of IP addresses, ever?
You are leaving an IP address, always. It’s the return address for the requested data, and the server couldn’t serve you without knowing it. For both TOR and VPN services your IP address is replaced by the service’s. Kinda like a forwarding service.
The Opera VPN should (mostly) protect your IP address. However, there are many ways you can still screw up. If you visit any website you’d previously visited without the VPN, you can be identified via cookies or much-harder-to-avoid mechanisms like the one https://panopticlick.eff.org shows in action.
Hackers do use VPNs or Tor, the latter of which may be preferable for them because it’s (theoretically) safer. With VPNs you rely on the service provider’s honesty and competence.
As for the question regarding Micah’s believing of the government’s position: The idea of questioning authority is important for a functioning democracy – but so is a certain amount of trust. Every day, we rely on trusting hundreds of people: “yes, that guy will stop at the red light”, “A licensed pilot is competent to fly this plane”, “this wine is not toxic”. The US government actually has historically been rather trustworthy. One of the principles has always been “we do not lie to the press or the public”.
Thus, the government has on millions of occasions refused to answer certain questions, but the instances where they have knowingly lied are few and far between – the only one I can come up with was regarding Iraq, and I believe there’s solid evidence that that was the work of a really small group at the top (with the intelligence agencies being pressured into conclusions they felt quite uneasy about).
You can’t really believe the above do you? If you do, I could sit here and document literally for hours the instances, on highly consequential issues like war, funding and support for dictators and murder squads, and outright fabrications and stories concocted to cover-up government malfeasance in the US just since the end of WWII.
It isn’t a question of whether the US government on balance tells the truth most of the time on the mundane things of daily life like “is this wine toxic” or “is this airline pilot competent to fly your commercial jet liner” because there is very little incentive for those government officials to lie.
The relevant question is do politicians and governments lie and cover-up the truth on the most consequential issues of life and death for millions of people at a time all over the globe in the context of–economic decisions, disease control, and most importantly war and foreign policy.
I’m not particularly tech savvy. I use a VPN, but not to dodge gov’t eyes. I use one simply to create an added layer of protection from all the other riffraff out there in cyber world. I don’t know if it really helps in that regard. I hope so.
I figure TOR (VPN and browser) is overkill for my needs. Am I wrong about that – a standard VPN providing a worthwhile layer of protection? I’m honestly asking a question.
@Matthias Winkelmann
Thanks for the reply. With regard to understanding that computers leave IP addresses that are traceable, that’s a given, same as with idea that if my VPN doesn’t work (or law enforcement submits a valid warrant/search request) the true IP address will be revealed.
With regards to cookies being used for tracking – without a VPN – I get that as well.
The link you provided regarding the “browser fingerprint” as a means, in and of itself of web-tracking seems akin to the bite-mark evidence that has recently been debunked in criminal cases – a pseudoscience of marginal worth in providing actual evidence that the person who allegedly bit (or visited a website) is in fact the droid you’re looking for.
Evidence isn’t ever really evidence unless it’s submitted for scrutiny.
The most disturbing thing you posited – that we must allow for a certain level of trust in our government to guide our decision making I find, quite frankly, to be extremely, extremely disturbing – and utter bullshit.
Our government isn’t a private citizen at a stoplight or a private citizen flying an airplane, they’re composed of public servants that are supposed to represent and protect me based on the best evidence available at the time.
Your assertion that “One of the principles has always been “we [the government] do not lie to the press or the public”” is as laughably wrong as it is extremely dangerous to a functioning democracy.
I don’t have time to adequately unpack that comment and its implications right now – and boy am I royally pissed off that a fellow citizen (I’m assuming here) actually believes this – one single bit.
Q: what’s for lunch?
Gov: pizza
Lie detector: TRUE
Q: How did you vote on that bill?
Gov: i voted against the bill.
LD: TRUE
Q: Have you been collecting information on Americans without their knowledge or permission?
Gov: no.
LD: LIE
few and far between? sure – between pizza and privacy. or between pie and voting rights. or between making a date error on a mortgage application and being threatened with 20 years in prison vs being a criminal on wallstreet who steals home regularly.
it’s not the facts that are getting in the way – it’s the reasonableness.
Respectfully, I think you’ve got too much time on your hands, Micah. ;)
There is nothing respectful about your passive aggressive douchebag emoji. ;)
It matters little what you or I might think. Bwa-ha-ha!
And may I refer you to https://theintercept.com/comments-policy-and-guidelines/ ?
Some good technical points but your jumping to a conclusion on zero evidence is on par with the spook gangs’ own propaganda.
Did the Russians rig the primary so Mrs Half A Waffle Shop could beat Mr Stadiums and ultimately lose to Trump?
Or is our impending serving of Trump in fact due to the corrupt Clinton campaign and DNC? BTW, who immediately hired DWS after she was fired for rigging the primary?
You say “It’s plausible, and in my opinion likely, that hackers under orders from the Russian government were responsible for the DNC and Podesta hacks in order to influence the U.S. election in favor of Donald Trump.” Russians are no doubt interested in hacking prominent people the world over; so is the US and any number of others. But is there any evidence that the Russians pass on what they learn from hacking to third parties for publication? In particular, does the US gov’t claim to have even a shred of evidence, classified or otherwise, to show that Wikileaks got the emails from any hackings that may or may not have occurred? No. So why do you think it is “likely” that Wikileaks is either lying or mistaken when they deny that Russia or any state actor was the source, and when people close to Wikileaks like former ambassador Craig Murray say that Wikileaks obtained the material from insider leakers and not outsider hacks? For you to say it is “likely” you must have some knowledge I don’t about Wikileaks’ source. So please publish it.
There are many, many shreds of evidence that point to Russia being responsible for the DNC and Podesta hacks, but unfortunately it’s mostly shreds. Government officials do often lie, but for Russian involvement in these hacks to be a lie there would have to be a massive, coordinated, and unprecedented bipartisan conspiracy across many parts of the government and the intelligence community. It is possible, but I think it’s far more likely that the intelligence community is just unwilling to publish anything that might betray their sources and methods. But, like nearly everyone (including you), I can’t know for sure without more information.
The problem with classified national security Intel is that it is the easiest way to create a massive bipartisan agreement on something that is totally false without it really being a conspiracy. This was repeatedly true in the years after 9-11 when, because a few people in the CIA lied about intel, we got a massive consensus that torture was necessary, that it worked, that it wasn’t really torture, that Al Qaeda was on the verge of another major attack, that there was an Al Qaeda in Iraq and that there were weapons of mass destruction. Russia is the current boogeyman.
You mean like the totally unprecedented bipartisan conspiracy to manufacture and disseminate lies about Iraq possessing weapons of mass destruction as the casus belli for making war against a sovereign nation that I think passed the US Congress with about 99% approval from both sides of the aisle?
How about the myriad bipartisan and not so unprecedented lies told during the Vietnam war era both in instigating it, in regards to the “threat of communism” and the actual conduct and situation of the war?
Seriously, you should know your history better before making statements like that. I and a lot of The Intercept’s readers lived through these types of lies for decades, and why someone apparently as smart as you would be buying them, in the absence of smoking gun proof, is completely beyond some of us.
Like WMD? How old are you?
@Micah Lee
“For Russian involvement in these hacks to be a lie there would have to be a massive, coordinated, and unprecedented bipartisan conspiracy across many parts of the government and the intelligence community.”
Actually, Chuck Schumer let the cat out of the bag today. He said Trump was being “really dumb” for picking a fight with intelligence officials, suggesting they have ways to strike back. “You take on the Intelligence Community and they have six ways from Sunday at getting back at you.”
So it’s not so much a ‘massive, coordinated, bipartisan conspiracy’ as much as a conspiracy of silence to protect their own careers and lives.
Who’d dare disagree with the IC with that hanging over their heads?
Schumer’s revealing remark should send a shiver down the back of any thinking person about who really controls operation of government.
Since a rumor is afoot that Trump & Company will overhaul the intelligence structure, it could be there’s a huge confrontation coming between the incoming president and the IC people who supposedly report to him and do his bidding.
Trump doesn’t appear to be much intimidated by threats of any kind, which is unusual in an office generally occupied by empty suits.
If the resident intel community has routinely exercised power by threat to expose people’s embarrassing personal details (like J. Edgar), they may meet their match when faced with a guy from Queens who tells them to do their damnedest and then fires them for insubordination if they cross him.
Or — since they are civil servants — he just has them transferred to new field assignments. Like posting them to empty caves in Upfuckestan to weigh and count piles of camel dung and call in the totals daily for the next 4 years. The black budget should cover that expense nicely, with probably zero accountability where the money really went.
Micah, I’d suggest you take a minute to remember that old folk tale ‘The Emperor’s New Clothes’, especially the moral. It doesn’t take a ‘massive, coordinated, and unprecedented bipartisan conspiracy across many parts of the government and intelligence community’ to explain what’s going on, it just takes human nature.
Good technical analysis … but :
“It’s plausible, and in my opinion likely, that hackers under orders from the Russian government were responsible for the DNC and Podesta hacks in order to influence the U.S. election in favor of Donald Trump.”
Why plausible & likely? What’s your analytic rationale here?
Here’s what I see:
1. Endless “AngloZioSpeak” – a variation of Orwellian “TruthSpeak” where AngloZio’s project or blame their newest target in the endless hegemonic wars of their own nefarious deeds or evil intent.
e.g. “Russian Aggression” : Russian missiles, troops, warships & planes amassed from Vancouver through Alberta-Saskatch-to Nova Scotia and a ‘F–k the EU’ $5 billion price tag “Kill all Gringo’s” coup in Mexico … Oh no! Wait .. its the AngloZio-NaziNATO who are aggressing in an ever tightening noose around all Russian borders plus treacherous reneging on every agreement and convention
“Russians Invading, War Crimes – targeting hospitals etc” … ditto as USavages & Coalition of the Killing Club illegally invade, amass mega scale “collateral damage” and repeated “mistakenly” hitting hospitals, electric supply, grain silos, Syrian Army, Iraqi Army, and “mistakenly” dropping arms caches to IS / Daesh / al Qaeda ever morphing proxy force names
“Russian hacking to influence outcome of election” …. Hellllllooooooo!? This coming from al CIAda and SuperSnoopers R US. Gross projection of how many USavages coups, bloody UNcivil wars, assassinations, regime changes, mass murder and slaughter of e.g. Gaddafi on the streets by proxy savages, bully-bribe-blackmail-bomb ‘diplomacy’
2. To the world there is no difference between Dem-onicRep-ulsive War Party and POTUS might have some say, but the WarLords and Bald Vampire Vulture has been addicted to continual blood corpses and sucking the marrow of the world for 220 years – regardless of party and POTUS.
Trump is but 1 man in a sea of neo-cons and rabid war whores.
All war models done by Anglo-NATO show no chance of winning a military war against Russia – with or without nukes … and it seems the power backing Trump are not keen to have their assets nuked.
But you can be sure the 4G Hybrid warfare will continue on all fronts for “regime change” / weakening / collapse : virulent propaganda, economic warfare of sanctions-crashing currency-commodity prices, Pussy Riot type malcontent infiltration & incitement factors, bleeding with terrorism & border hostility etc ..
3. History has proven AngloZio-dom who come in “peace” are as bad a spectre as those who show naked hostility. Any nation targeted by AngloZio Empire who had hacked dirt on known / predictable / buy-able Hitlery would surely keep it as ‘leverage’?!
I expect they ran some kind of a deeper network analysis that reveals more than they’re willing to admit. Seems they would rather give up democracy than give up their surveillance trade secrets. Rock on Intercept for calling the IP cover story as weak tea.
Ok Micah, just going on what you wrote here, almost 50% of the IP addresses are from TOR exit nodes. Ok. So, maybe you discount that 50%, that means the rest are not from TOR IPs. Why should some half the IP addresses being TOR exit nodes discount all the others? How does that really disprove that there was no Russian hack? There are still the other 50% of valid IPs. Why wouldn’t hackers use TOR to cover their tracks? The logs are still valid, just can’t be sure where 50% originated from, and that’s not damning logic.
Like I said in the article: “It’s plausible that Russian hackers use Tor to hide their real IP addresses when they do attacks, and this is likely why these IP addresses ended up in the Grizzly Steppe report. But finding these IPs in your web server logs (like I did for my website) does not mean that the Russians are attacking you.”
I see. Thank you for replying to my comment, Micah. These are trying times…
This article is feeding into the narrative that there is flimsy evidence of Russian responsibility for these hacks. However, it fails to account for two facts:
1. This report is not meant to present evidence implicating Russia. It is a practical guide trying to encourage the protection of networks from these threats.
2. The government’s statement is “Russian hackers often route their attacks through these IP addresses”. It is the author here who inverts this to “Access from these IP addresses is an attack from a Russian hacker”.
Public evidence of Russia being responsible for the DNC hacks exists (to a much greater extent than many Trump fans are willing to admit), but unfortunately it’s way flimsier than I’d hope. The Grizzly Steppe report was billed as the government finally releasing technical details about the hacks, but unfortunately it didn’t actually include more evidence of Russia’s involvement than what was already public.
But you do make a good point about how the Grizzly Steppe report lists IPs that the Russian hackers used, and not necessarily that seeing them in your logs means that it must be Russian hackers. The report itself says:
But I don’t think that’s how many people (including the Washington Post and network administrators at Burlington Electric) are taking it. My first thought when I discovered these suspicious IPs in my own logs, just like their first thought, is that these requests must be from Russian hackers. I had to do a lot more digging to realize that that wasn’t true at all.
To be completely blunt: I’m astonished that you (and Matthias Winkelmann) are as credulous as you are, especially given the news organization that you work for (The Intercept), the foundation that you belong to (the EFF) and the material that has been curated via these and other news organizations and privacy organizations.
I’m curious as to why Mr. Lee thinks it likely Russia hacked the emails? Craig Murray is on the record that he knows who did it, and it wasn’t Russia. In fact, on the record, he says he delivered them. He could of course be lying, but it’s better information than anything given by anyone claiming Russia did it.
Tor being used for nefarious purposes? Shocking
Thank you for this information.
I was wondering if you like Vodka. No doubt Trump supporters will also appreciate you’re a Lee from south of the Mason’s and Dixon’s.
Sorry, had to.
That is so incredibly misleading.
The “most transparent administration ever” intentionally distributing misleading information because most of the American public is not technical enough to separate the truth from the fiction.
What is an interesting question is why many more TOR exit nodes (or all of them) aren’t on it. If Russian hacking is so prevalent, shouldn’t the entire list have been traversed at one point or another?
I thought that the “evidence” was MUCH BETTER, trusting Crowdstrike’s claim that the hacking came from Russia. However, it turns out that there is no evidence that it really came from Russia, let alone there is not evidence of any connection of the hacking to the Russian government.
The Nation has mentioned the peculiar fact that Dmitri Alperovitch, the head of Crowdstrike, is a fellow in Atlantic Council, which is StateDep/NATO sponsored neocon/neolib pro-Cold War propaganda tool. This, as well as the fact that Crowdstrike is “pay to attribute” company, has made their findings very dubious.
Also, the fact that both Crowdstrike and the government claim that APT28 (29, etc) is a hacking team, while in reality it is just a combination of software hacking tools and IPs/servers/network equipment. What ACTUAL hacking team has made the DNC hack and set up the fake GMail site for the stupid phishing expedition for Podesta, is not known.
I believe the reason only some Tor nodes, and not all of them, are on the list of watchlisted IP addresses is because these specific nodes were the ones used in the DNC hack. And while it’s annoying that the government is only releasing scraps of technical details, it’s clear that there is a much larger body of evidence against Russia that they’re not publishing yet.
I’m afraid that I just don’t buy the argument that “it’s clear that there is a much larger body of evidence”. That is actually not clear at all and every day that goes by without a shred of irrefutable evidence that links any hacking to the Russian head of state gives cause to believe that this is nothing more than a deliberate attempt to cast a pall over an incoming administration that the current one doesn’t like.
That document was supposedly intended to help people decide if their organizations were under attack previously and to assist in protecting themselves from further attacks. Half of the list being composed of TOR exit nodes accomplishes neither. It’s going to create a gargantuan number of false positives that may cause unwarranted fear among organizations lacking technical competence to interpret it. This document is security theater.
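The false-positive problem raised in the comments here, as an added illustration (not code from the article, the report, or any commenter): a watchlist hit is only worth an analyst's time if the address was not a shared Tor exit on the day of the request. All IPs, dates, log lines and the `TOR_EXIT_HISTORY` table are constructed for the example; a real history would have to be built from the Tor Project's published exit lists.

```python
import ipaddress
import re
from collections import Counter
from datetime import date, datetime

# Constructed sample data (documentation-range IPs, not values from the report).
WATCHLIST = {"192.0.2.10", "198.51.100.7", "203.0.113.99"}
# Hypothetical exit-relay history: IP -> (first day, last day) seen as a Tor exit.
TOR_EXIT_HISTORY = {
    "192.0.2.10": (date(2015, 6, 1), date(2017, 1, 15)),
    "198.51.100.7": (date(2014, 1, 1), date(2015, 3, 31)),
}
LOG_LINES = [
    '192.0.2.10 - - [03/Jan/2017:10:15:02 +0000] "GET /blog/ HTTP/1.1" 200 5123',
    '192.0.2.10 - - [03/Jan/2017:10:15:09 +0000] "POST /comment HTTP/1.1" 302 0',
    '198.51.100.7 - - [04/Jan/2017:08:00:41 +0000] "GET /wp-login.php HTTP/1.1" 404 162',
    '203.0.113.99 - - [04/Jan/2017:09:30:00 +0000] "GET / HTTP/1.1" 200 5123',
    '203.0.113.5 - - [04/Jan/2017:09:31:00 +0000] "GET / HTTP/1.1" 200 5123',
    'garbage line with no client address',
]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def parse(line):
    """Return (ip, request_date) for a combined-log-format line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ip = str(ipaddress.ip_address(m.group(1)))
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").date()
    except ValueError:
        return None
    return ip, when

def triage(lines, watchlist, exit_history):
    """Count watchlist hits, split by whether the IP was a Tor exit that day."""
    counts = Counter()
    for line in lines:
        parsed = parse(line)
        if parsed is None or parsed[0] not in watchlist:
            continue
        ip, when = parsed
        # No history entry yields an empty interval, so the hit needs review.
        first, last = exit_history.get(ip, (date.max, date.min))
        label = "shared-tor-exit" if first <= when <= last else "needs-review"
        counts[(ip, label)] += 1
    return dict(counts)

if __name__ == "__main__":
    print(triage(LOG_LINES, WATCHLIST, TOR_EXIT_HISTORY))
```

A "shared-tor-exit" label does not clear the traffic; it only says the source address identifies the relay, not the person behind it, so the request itself is what has to be examined.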
It’s not just annoying that the government is only releasing scraps of technical details, it is WMD’ly deceitful.
the key is the MURDER OF SETH RICH.
thanks for your article.
Wow. Micah, having now read all your replies (up to this point) to people questioning your astonishing statements about the DNC privacy breaches being a) hacks rather than leaks and b) that it was Putin’s work, it is crystal clear that you are one more agent working to “manufacture consent” despite all actual evidence to the contrary. You have permanently ruined your own credibility. Shame on both Intercept and EFF if they keep you around. Go work at the Washington Post where you belong. Incredible.
It is kind of shocking to read that you keep the IP logs of those who visit your blog and site. Could you explain that, please? It’s hard to understand how a privacy-aware person like you does that.
I just start to ask myself if Onionshare leaves any kind of user-identification trace…
Every web server keeps logs. It’s not shocking at all.