January 3, 2017

Over the past few days, several longtime readers have asked why I haven’t written about two stories that have consumed the news media of late: The alleged Russian hacking attacks against the U.S. Democratic National Committee (DNC) and, more recently, the discovery of malware on a laptop at a Vermont power utility that has been attributed to Russian hacker groups.

I’ve avoided covering these stories mainly because I don’t have any original reporting to add to them, and because I generally avoid chasing the story of the day — preferring instead to focus on producing original journalism on cybercrime and computer security.

But there is another reason for my reticence: Both of these stories are so politically fraught that to write about them means signing up for gobs of vitriolic hate mail from readers who assume I have some political axe to grind no matter what I publish on the matter.

An article in Rolling Stone over the weekend aptly captures my unease with reporting on both of these stories in the absence of new, useful information (the following quote refers specifically to the Obama administration’s sanctions against Russia related to the DNC incident).

“The problem with this story is that, like the Iraq-WMD mess, it takes place in the middle of a highly politicized environment during which the motives of all the relevant actors are suspect,” Rolling Stone political reporter Matt Taibbi wrote. “Absent independent verification, reporters will have to rely upon the secret assessments of intelligence agencies to cover the story at all. Many reporters I know are quietly freaking out about having to go through that again.”

Alas, one can only nurse a New Year’s holiday vacation for so long. Here are some of the things I’ve been ruminating about over the past few days regarding each of these topics. Please be kind.

Gaining sufficient public support for a conclusion that other countries are responsible for hacking important U.S. assets can be difficult – even when the alleged aggressor is already despised and denounced by the entire civilized world.

The remarkable hacking of Sony Pictures Entertainment in late 2014 and the Obama administration’s quick fingering of hackers in North Korea as the culprits is a prime example: When the Obama administration released its findings that North Korean hackers were responsible for breaking into SPE, few security experts I spoke to about the incident were convinced by the intelligence data coming from the White House.

That seemed to change somewhat following the leak of a National Security Agency document which suggested the United States had planted malware capable of tracking the inner workings of the computers and networks used by the North’s hackers. Nevertheless, I’d wager that if we took a scientific poll among computer security experts today, a fair percentage of them probably still strongly doubt the administration’s conclusions.

If you were to ask those doubting experts to explain why they persist in their unbelief, my guess is you would find these folks break down largely into two camps: Those who believe the administration will never release any really detailed (and likely classified) information needed to draw a more definitive conclusion, and those who because of their political leanings tend to disbelieve virtually everything that comes out of the current administration.

Now, the American public is being asked to accept the White House’s technical assessment of another international hacking incident, only this time the apparent intention of said hacking is nothing less than to influence the outcome of a historically divisive presidential election in which the sitting party lost.

It probably doesn’t matter how many indicators of compromise and digital fingerprints the Obama administration releases on this incident: Chances are decent that if you asked a panel of security experts a year from now whether the march of time and additional data points released or leaked in the interim have influenced their opinion, you’ll find them just as evenly divided as they are today.

The mixed messages coming from the camp of President-elect Trump haven’t added any clarity to the matter, either. Trump has publicly mocked American intelligence assessments that Russia meddled with the U.S. election on his behalf, and said recently that he doubts the U.S. government can be certain it was hackers backed by the Russian government who hacked and leaked emails from the DNC.

However, one of Trump’s top advisers, former CIA Director James Woolsey, now says he believes the Russians (and possibly others) were in fact involved in the DNC hack.

It’s worth noting that the U.S. government has offered some additional perspective on why it is so confident in its conclusion that Russian military intelligence services were involved in the DNC hack. A White House fact sheet published alongside the FBI/DHS Joint Analysis Report (PDF) says the report “includes information on computers around the world that Russian intelligence services have co-opted without the knowledge of their owners in order to conduct their malicious activity in a way that makes it difficult to trace back to Russia. In some cases, the cybersecurity community was aware of this infrastructure, in other cases, this information is newly declassified by the U.S. government.”

BREADCRUMBS

As I said in a tweet a few days back, the only remarkable thing about the hacking of the DNC is that the people responsible for protecting those systems somehow didn’t expect to be constantly targeted with email-based malware attacks. Lest anyone think perhaps the Republicans were better at anticipating such attacks, the FBI notified the Illinois Republican Party in June 2016 that some of its email accounts may have been hacked by the same group. The New York Times has reported that Russian hackers also broke into the DNC’s GOP counterpart — the Republican National Committee — but chose to release documents only on the Democrats.

I can’t say for certain if the Russian government was involved in directing or at least supporting attacks on U.S. political parties. But it seems to me they would be foolish not to have at least tried to get their least-hated candidate elected given how apparently easy it was to break into the headquarters of both parties. Based on what I’ve learned over the past decade studying Russian language, culture and hacking communities, my sense is that if the Russians were responsible and wanted to hide that fact — they’d have left a trail leading back to some other country’s door.

That so many Russian hackers simply don’t bother to cover their tracks when attacking and plundering U.S. targets is a conclusion that many readers of this blog have challenged time and again, particularly with stories in my Breadcrumbs series. It’s too convenient and pat to be true, these detractors frequently claim. In my experience, however, if Russian hackers profiled on this blog were exposed because they did a poor job hiding their tracks, it’s usually because they didn’t even try.

In my view, this has more to do with the reality that there is very little chance these hackers will ever be held accountable for their crimes as long as they remain in Russia (or at least in former Soviet states that remain loyal to Russia). Take the case of Evgeniy Mikhailovich Bogachev, one of the hackers named in the U.S. government’s assessment of those responsible for the DNC attack.

Bogachev, the alleged Zeus Trojan author, in undated photos.

A Russian hacker better known by his hacker alias “Slavik” and as the author of the ZeuS Trojan malware, Bogachev landed on the FBI’s 10-most-wanted list in 2014. The cybercriminal organization Bogachev allegedly ran was responsible for the theft of more than $100 million from banks and businesses worldwide that were infected with his ZeuS malware. That organization, dubbed the “Business Club,” had members spanning most of Russia’s 11 time zones.

Fox-IT, a Dutch security firm that infiltrated the Business Club’s back-end operations, said that beginning in late fall 2013 — about the time that conflict between Ukraine and Russia was just beginning to heat up — Slavik retooled his cyberheist botnet to serve as purely a spying machine, and began scouring infected systems in Ukraine for specific keywords in emails and documents that would likely only be found in classified documents.

Likewise, the keyword searches that Slavik used to scour bot-infected systems in Turkey suggested the botmaster was searching for specific files from the Turkish Ministry of Foreign Affairs or the Turkish KOM – a specialized police unit. Fox-IT said it was clear that Slavik was looking to intercept communications about the conflict in Syria on Turkey’s southern border — one that Russia has supported by reportedly shipping arms into the region.

To date, Bogachev appears to be a free man, despite a $3 million bounty placed on his head by the FBI. This is likely because he’s remained inside Russia or at least within its sphere of protective influence. According to the FBI, Bogachev is known to enjoy boating and may be hiding out on a vessel somewhere in the Black Sea.

AN ‘INFRASTRUCTURE NEXUS’

For the relatively few Russian hackers who do wind up in Russian prisons as a result of their cybercriminal activity, agreeing to hack another government might be the easiest way to get out of jail. The New York Times carried a story last month about how Russian hackers like Bogachev often get recruited or coerced by the Russian government to work on foreign intelligence-gathering operations.

The story noted that while “much about Russia’s cyberwarfare program is shrouded in secrecy, details of the government’s effort to recruit programmers in recent years — whether professionals like…college students, or even criminals — are shedding some light on the Kremlin’s plan to create elite teams of computer hackers.”

According to Times reporter Andrew Kramer, a convicted hacker named Dmitry A. Artimovich was approached by Russian intelligence services while awaiting trial for building malware that was used in crippling online attacks. Artimovich told Kramer that in prison while awaiting trial he was approached by a cellmate who told Artimovich he could get out of jail if he agreed to work for the government.

Artimovich said he declined the offer. He was convicted of hacking and later spent a year in a Russian penal colony for his crimes. Artimovich also was a central figure in my book, Spam Nation: The Inside Story of Organized Cybercrime, from Global Epidemic to Your Front Door. His exploits, and those of his brother Igor, are partially detailed in various posts on this blog, but the long and the short of them is that Artimovich created a botnet that was used mainly for spam.

That is, until a friend of his hired him to launch a cyberattack against a company that provided payment processing services to Aeroflot, an airline that is 51 percent owned by the Russian government.

For many years, Artimovich used his botnet, dubbed “Festi” by security researchers, to pump spam promoting male enhancement drugs for a rogue online pharmacy operation called Rx-Promotion. Pavel Vrublevsky, Rx-Promotion’s founder and the man who hired Artimovich to launch the cyberattack, also was convicted in the same trial, and sentenced to two years in a penal colony. However, Vrublevsky was inexplicably released after less than a year in Russia’s hinterlands.

Vrublevsky’s company ChronoPay was indirectly featured in another New York Times story about the hacking of the DNC. In September, The Times profiled Vladimir M. Fomenko, the 26-year-old manager of the web hosting firm King Servers, which was “used by hackers in an incursion on computerized election systems in Arizona and Illinois.” U.S. cybersecurity firm ThreatConnect identified the infrastructure nexus between those attacks and cyberattacks on democratic processes in several countries, including Germany, Turkey and Ukraine. [Full disclosure: ThreatConnect has been an advertiser on this blog.]

An image from ChronoPay's press release.

To bring this full circle, on Sept. 15, 2016, Fomenko issued a statement about the ThreatConnect report. That statement, originally written in Russian, was translated from Russian into English by Vrublevsky, and reposted on ChronoPay’s Web site.

“The analysis of the internal data allows King Servers to confidently refute any conclusions about the involvement of the Russian special services in this attack,” Fomenko said in his statement, which credits ChronoPay for the translation. “The company also reported that the attackers still owe the company $US290 for rental services and King Servers send an invoice for the payment to Donald Trump & Vladimir Putin, as well as the company reserves the right to send it to any other person who will be accused by mass media of this attack.”

FOREIGN INTELLIGENCE BOTNETS

If indeed those who hacked the DNC were recruited from the ranks of the cybercriminal community focused mainly on financial crime, I would not be surprised in the least. The Russian source who first introduced me to much of the cyber underground told me exactly this when we first met some years ago. He had just left the Russian military for a job at a computer security firm in Russia, and his job was to build a presence on all of the Russian-language cybercrime forums and learn the real-life identities of the major power players in that space.

That source, who won’t be named here because it would compromise his current position and create legal problems for him, said he routinely saw Russian intelligence services recruiting hackers on cybercrime forums — particularly for research into potential vulnerabilities in the software and hardware that powers various national power grids and other energy infrastructure.

“All these guys had interest in hacking government resources, including Russian [targets],” my source told me. “Several years ago I got to know one of these hackers who worked for Russian government, [and] he operated his [cybercrime] forum as a government honeypot for hiring hackers. They were hiring hackers to work in official government organizations.”

Initially, he said, the hackers targeted U.S. military installations and U.S. news media outlets, but eventually they turned their attention to collecting government and corporate secrets full-time. The source said the teams routinely used botnets for foreign intelligence gathering and counterintelligence, and frequently sought to infiltrate botnets that were suspected of being co-opted for the same purposes by other countries.

“Then they started attacking foreign-only targets, and even started their own VPN (virtual private networking) service for English-speaking customers so they could capture corporate data,” he told me. “They also ran a service for checking stolen PDFs and other documents for [proprietary] data and classified information. If something like Stuxnet destroys some power plant, I will think about these guys first. Now I use them as a source of information about foreign intelligence botnets, so I really don’t want them to be uncovered.”

ARE WE NOT ENTERTAINED?

Perhaps it shouldn’t be surprising if many people remain unconvinced by the Joint Analysis Report released by the Obama administration. Fresh from an especially rancorous election muddled by the proliferation of “fake news” websites, public trust in the news media on technology and politics has to be at a historic low.

Last Friday, The Washington Post reported that Russian hackers penetrated the U.S. electricity grid through a utility in Vermont. The Post later significantly revised that story to clarify that malware tied to a Russian hacking group known to target companies in the energy sector had succeeded at infecting a single laptop at the utility, and that said laptop was never connected to the power grid.

To many already doubtful of the Obama administration’s claims about Russian hacking involvement in the election, The Post’s flub was yet another example of a left-leaning media establishment eager to capitalize on the Russian election-hacking narrative.

“From Russian hackers burrowed deep within the US electrical grid, ready to plunge the nation into darkness at the flip of a switch, an hour and a half later the story suddenly became that a single non-grid laptop had a piece of malware on it and that the laptop was not connected to the utility grid in any way,” wrote in Forbes.

Not that the American public is the best arbiter of truth and fiction. As Rolling Stone notes, despite the fact that election officials found virtually no voter fraud in the 2016 election, an Economist/YouGov poll conducted last month suggests that 50 percent of all Clinton voters believe the Russians hacked vote tallies. Not to be outdone, 62 percent of Trump voters said they believe Trump’s assertion that “millions” of undocumented immigrants likely voted in the election.

The public might also be deeply suspicious of hacking claims from a government that practically invented the art of meddling in foreign elections. As Nina Agrawal observes in The Los Angeles Times, the “U.S. has a long history of attempting to influence presidential elections in other countries – it’s done so as many as 81 times between 1946 and 2000, according to a database amassed by political scientist Dov Levin of Carnegie Mellon University.” Also, when it comes to hacking power plants, the U.S. and Israel have probably done more damage than anyone else with their incredibly complex Stuxnet virus, which was created as a weapon designed to delay Iran’s nuclear ambitions and opened a virtual Pandora’s Box.

In response to the alleged hacks, the Obama administration has expelled 35 Russian intelligence officials and imposed a series of economic sanctions on individuals and companies the administration says are connected to the DNC intrusions. The administration’s response has been criticized as lackluster and ineffectual, but it’s not entirely clear what else the White House could do publicly without risking retaliation in kind or worse.

However, the operative word there is “publicly.” Just as the administration almost certainly is not releasing all of the intelligence data that led to its conclusion, I suspect that some of the U.S. response will materialize in ways that won’t be publicly acknowledged by this outgoing administration.

145 thoughts on “The Download on the DNC Hack”

  1. Todd

    I don’t believe anything coming from the government. I find it funny that no one disputes the contents of the wikileaks emails…. I would love to see how ugly the RNC emails are, and I have no illusions that both sides are acting in their own self interest. I think most of us just laugh at all the propaganda. Until we see real Indicators of Compromise and an actual footprint that can be confirmed (not fabricated) it is all BS.

    1. Industrial PC

      I am with you Todd, unfortunately I also cannot believe a word that comes out of the government at the moment. I have zero belief and I could be less pessimistic about the new president. Anyway.

      1. Jim

        I would hate to disagree with you, BUT. It’s part of everyday business to spy on each other. Every company worth its salt does it. And has to have built-in provisions to keep themselves secret.
        About the political hacks, I read all the local releases, and, no GOP hacks were mentioned. Only poor hills were mentioned.
        Here is an odd tidbit. And I have not read if this was changed or not. The 2000 and the 2004 fed election results were fed thru RNC servers then sent to Washington for totaling. Interesting. And the part I don’t like, no recounts in those states. Oh, by the way, I love the Trump Putin connection. Both being billed by a Russian company for the hack, contractor’s? Why didn’t trumpy just call the NSA contractors? But then again, a little misdirection?

        1. _Jim

          “Here is an odd tidbit. And I have not read if this was changed or not. The 2000 and the 2004 fed election results were fed thru RNC servers then sent to Washington ”

          Sorry, but, I have to call nonsense on this.

          A complete bypassing of the sec of state in each state? To quote Al Borland: “I don’t think so Tim.”

  2. Russ

    Why are we more worried about where these emails came from, than what information they revealed??

    1. Winston

      “Why are we more worried about where these emails came from, than what information they revealed??”

      Exactly. If the DNC and Clinton campaign hadn’t been corrupt, all the leaked emails would have revealed is how very honest they were.

      1. Stan

        First, I failed to see any corruption uncovered in any of the emails. Second, is it your position that if someone combed through all your (or for that matter nearly anyone’s) emails that they wouldn’t find a handful that (especially if purposefully taken out of context) would paint one in an unflattering light?

        1. Jake

          This could devolve into vitriol really quickly, but I’d ask about the tip-off of debate questions, the ability to edit stories for major news outlets before dissemination, and the sabotaging of Bernie Sanders; are these not signs of corruption?

          Personally, I am more interested in how this might kick-start the discussion into actual information security practices. I am still surprised to see, far too often, the ease with which people make obvious mistakes and receive malware or fall victim to phishing emails….

          1. matt

            1) it was a single (very predictable) debate question passed along by Brazile to the clinton camp. Her response seemed to indicate that she had not been made aware of the tip off. “We will commit to a priority to change the water systems and we will commit within five years to remove lead from everywhere,”

            2) the ability to edit news stories from major outlets is quite a stretch from what actually transpired. ripping emails out of context and leaving a crowd of internet arm-chair investigators to determine factual determinations is what led us to this awful place in the first place.

            3) i refuse to believe how anyone at the DNC “sabotaged” Bernie, when a) they couldn’t keep their email use secure after a played-out multi-year trumped up barrage by the alt right into HRCs use of a private server and b) their crack IT security team allowed the use of private gmail accounts with no password policy enforcement. Podesta’s password was “password” and he gave it to the hacker!

            They are unbelievably portrayable as waterheads incapable of dressing themselves and getting out the front door on their own cognition, but you’re making it seem like they’re master manipulators with direct access to the NYT, WaPo, et al.

            Give me a friggin’ break.

            1. _Jim

              Tsk tsk matt; fully approving of corruption at ANY level eh?

              “Sorry your honor, it was only a little white lie I told” is still a lie …

              At this rate I say matt approves of spying by any and ALL parties, because, its only spying and everybody does it …

              No sale, matt.

    2. jcinmi

      “Why are we more concerned about where they came from?” Because we’re geeks. We want to know how it was done.

  3. Winston

    “Based on what I’ve learned over the past decade studying Russian language, culture and hacking communities, my sense is that if the Russians were responsible and wanted to hide that fact — they’d have left a trail leading back to some other country’s door.”

    Exactly. Why would official Russia want to get their favored candidate elected but in doing so leave obvious tells in the code (Russian terms, Moscow time zone, etc.) and in callback server use to poison any potential US/Russia rapprochement in the process of doing so? Freelance hackers don’t care about those kinds of tells. State sponsored groups do.

    So:

    1. Why can’t the tools and servers of a highly skilled freelance hacker group be hacked/compromised or a mole implanted by a state-sponsored cyberwar team who could then use those servers and tools without the knowledge or approval of those hackers while leaving no traces OR simply incite those hackers to do the hacking themselves? Wouldn’t that be a great way to conveniently frame a country?
    2. What country loves Trump and Trump loves them, leading that country to want to help his chances of winning but that same country would not want a warming of US/Russian relations due to the Russian support for Iran and Syria? There has been much news from that country that the Obama White House has recently very badly screwed them in the UN by ensuring a certain resolution came forward while abstaining from the vote. A very serious graft investigation of their prime minister has just now begun. Sure sounds like US retaliation to me.

    BTW, if you haven’t guessed it, the country in question is also strongly suspected of being a member of the Stuxnet development team or definitely part of that team if you want to believe the huge NSA leaks in the outstanding recent documentary “Zer0 Days,” so we know they have a very, very competent cyber warfare team.

    1. Winston

      I forgot to add that even if those who hacked the freelance hackers had left evidence of doing so, how likely would it be for the prideful freelance hackers to announce the fact that THEY had been hacked?

    2. alpha

      I doubt it was the Jews, they kind of hate trump and think he is the new Hitler. Netanyahu publicly rebuked him for suggesting an arab immigration policy identical to Israel’s. Border walls are only for Israel, not you silly gentile.

      1. _Jim

        alpha, after this last vote in the UN? Please, put your thinking cap ON …

    3. The Phisher KIng

      The NSA, along with all other similar intelligence agencies, get so bent out of shape about protecting their sources and their collection methodologies that they slap “Top Secret” on the meaty parts of their attribution activities.
      So when they make a public statement it is backed only by weak information that has most likely been in the public domain for many months.
      It is nearly impossible for anyone without access to the highly classified material to have any confidence whatsoever in what the NSA (or other intelligence agencies) are claiming took place, because based purely on what they released, the evidence does not stack up.
      Either the intelligence agencies decide to get over themselves and actually disclose enough material to fully back what they say, or they should say nothing, because currently they just make themselves look stupid with the half-assed material they release.
      Most likely the Tailored Access Operations (TAO) team at the NSA have material that would definitively finger exactly who was behind these attacks – so why not release that information? What use are the NSA if the intel they gather cannot be used by US citizens and organizations to better protect themselves?

  4. Rebecca

    Oh good lord, now I know exactly why you stay away from this kind of reporting. Are we seriously back to who won the election fair and square? Stay on task people. This is about politically motivated cybercrime not Killary or Trump.

    1. Winston

      See my post immediately above. Case closed as far as I’m concerned.

    2. Gob Bluth

      “killary”? seriously? are you 12 years old, or what?

  5. pritch

    Thanks for being willing to venture into this volatile area.

    Could you please address directly what this alleged “hacking” is and is not? Is it limited to compromising email and leaking embarrassing, but authentic correspondence? Is there any indication of hacking of vote tallies? Of altering leaked correspondence to make them more damning?

    If this was in fact perpetrated by Russians, that needs to be addressed, but the stark inconsistency of how this is being treated by the media and the administration should also be examined.

    Doesn’t anyone remember the telephone conversation of Newt Gingrich that was illegally recorded and leaked by Jim McDermott to sway an election? All the media wanted to talk about was the content, and was more than willing to accept the most ridiculous story of how the recording came to be made.

  6. H Davis

    If I remember Assange’s comments correctly he said it wasn’t the Russian government or a state actor. That doesn’t exclude the shadowy non-government types described by Brian in the article. The difference is only semantic; the Russian government may have been behind it, but Assange is technically correct.

    Also, Brian was right again. The comments section produced more political heat than cybercrime light.

    1. Vestas

      The data was handed over from what I can tell – both Assange and Craig Murray verify that & both state it was a USA citizen and Democrat party member who handed it over.

      Wikileaks still have a $20,000 reward for the murderer of Seth Rich.

      Russians? Don’t make me laugh.

    2. Ben

      My problem with Assange is that he also has skin in the game. He wants Wikileaks to look like the ones doing the heavy lifting and not simply look like a conduit for someone else to release information that they stole. Not saying that he is definitely being untruthful, but he absolutely would have motivation to be.

  7. Lawrence H Cook

    To a lay person, the obfuscation in this thread, real or imagined, boggles. I am certain that this applies to politicians as much as to pedestrians knowing nothing about computer geek speak. We’re really all doomed by “the 400lb guy in a basement somewhere.”

  8. VER1TAS

    Thanks for your point of view Brian! I’m on the fence about the evidence right now, that is, until the intelligence reports are made publicly available. From the evidence I have seen, it could go either way.

  9. Charles James

    OT: Can hardly wait for that book you mentioned you will write on persuasion. 🙂

  10. C/od

    Everybody-High!
    They have Kaspersky working for them -Communists.
    There is nothing (now) that cannot be hacked, cracked, broken into, period. Your only smart choice is to NOT put ANY INFO on ANY device, period!
    These persons are leading YOU down the sheeple path to live the life They want you to live.
    Thanks Mark.

  11. Alpha

    Brian, why did you include these paragraphs that Russian cyber-security hires hackers? How is this relevant? Why not mention that US does it too? Why are you over-complicating this issue? Why can’t you just come out and clearly say, “THERE IS NO EVIDENCE RUSSIA DID THIS”? Why the ambiguity?

    Do you claim that 0 illegal immigrants voted? If not, how many? why are you making a false equivalence between trump’s estimate and Obama’s lies about Russian hacking?

    1. BrianKrebs Post author

      Now that’s remarkable. 67 comments before someone accused me of having a political axe to grind. That has to be a record for any story that mentions Clinton, Trump and Obama.

      1. Jim

        Brian, I agree it IS remarkable that it took 67 comments before the wagging fingers appeared. Kudos to you for entering this morass. At a personal level I suspect the Russians are involved, and are “testing the waters” by leaving trails. I doubt we will ever get enough detailed proof for “security reasons”, but what a wonderful way to sow even further discord between the various factions of our government and the populous. Sometimes we get a bit too focused on the details of cyber crime and miss the overarching goals toward which the actor is moving.

      2. alpha

        How exactly did I make such an accusation by asking these legitimate questions?

        This is a simple question: Is there publicly available evidence that Russia hacked the DNC? Yes or no?

        I would imagine most people reading this are left scratching their heads, when you have several paragraphs about unrelated Russian hacking, but you only highly ambiguously and indirectly point out that there is not any real public evidence.

        1. Dan

          Are you not capable of performing research on Russian Hackers and how they are assembled? I am quite sure there is quite a bit of information about Hackers for Hire, and who uses them. Just use google. Also there is no strong evidence that Russia was behind this world changing hack or if it had any real impact on the US Elections. In the realm of cyber security the attribution of a hack is the hardest thing to do. Anyone with any sense of cyber security experience would understand that. I also find it quite naive that so many people here are quick to point to the NSA as being a bad guy and would have anything to benefit from hacking US Companies’ or US Persons’ e-mail and servers for gain. They just do not do that, and are not authorized to do so. So I would highly recommend that you use your fingertips to do the walking, and use google to research before making accusations that are unfounded. I trust Brian Krebs here has good intelligence data, and has the intelligence to read it and analyze it, and disseminate his thoughts on it.

          1. Jim

            Have you googled how many American programmers are for hire? Same effect, many.

            1. Dan

              Yes I know of that, and if those Americans are ever paid by the Russian Government and there is evidence of that, then those Americans become Foreign Agents and as such propagators of Russian State Sponsored Cyber Warfare.

              If they were paid off by American Businesses to help undermine HRC and boost more votes for Trump, then I will call for the legitimacy of the election in question and question the ethics of some people.

              I hope that reply was to mine.

  12. Eaglewerks

    Thank you Brian, most informative.

    Draco dormiens nunquam titillandus (Never tickle a sleeping dragon)

  13. Justin

    I kept wondering why you had not written on this topic. I guess now I know why.

    The one thing I don’t know and I haven’t heard a reporter talk about is whether one can really trace who is responsible for a hack like this. I’ve heard some commentators say that it’s like a detective who becomes familiar with certain patterns in criminals – the detective knows it’s a particular criminal based on these patterns, but is that really it?

    1. woody188

      All the IPs I looked into were TOR exit nodes. The claim is it’s the same group because they used the same code base, but it’s been shown the code used is in the wild, so it’s non-exclusive to Russian hacking groups. Basically all the claims have no validity unless there is classified information that has not been nor will be released. So once again the US .gov is asking for a leap of faith that they’ve abused repeatedly in the past.
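The point raised in the comment above, that an address which is a Tor exit node tells you about the Tor network rather than about whoever was behind it, is a routine indicator-hygiene step for a defender. The following is an added example, written for this page and not code from Krebs or any commenter: it parses exit-list text in the shape of the Tor Project’s bulk exit list (`ExitNode` records with `ExitAddress` lines) and buckets a list of reported indicator IPs so that exit addresses are set aside before any attribution weight is assigned. Every fingerprint, address and timestamp below is constructed (documentation ranges), not a real observation.

```python
import ipaddress
from typing import Dict, List, Set

# Constructed exit-list text in the shape of the Tor Project's bulk exit list:
# an ExitNode record followed by one or more ExitAddress lines. All values are made up.
EXIT_LIST = """\
ExitNode 0000000000000000000000000000000000000001
Published 2017-01-02 10:00:00
LastStatus 2017-01-02 11:00:00
ExitAddress 198.51.100.7 2017-01-02 11:00:00
ExitNode 0000000000000000000000000000000000000002
Published 2017-01-02 10:05:00
LastStatus 2017-01-02 11:00:00
ExitAddress 203.0.113.44 2017-01-02 11:00:00
ExitAddress 203.0.113.45 2017-01-02 11:02:00
"""

# Constructed indicator list, as a public report might print it (documentation ranges only).
REPORT_IPS = [
    "198.51.100.7",   # present in the exit list above
    "203.0.113.44",   # present in the exit list above
    "203.0.113.45",   # present in the exit list above
    "192.0.2.10",     # not an exit address in the list
    "192.0.2.11",     # not an exit address in the list
    "not-an-ip",      # junk entry that must not crash the run
]


def parse_exit_list(text: str) -> Set[str]:
    """Collect the exit addresses from exit-list text; other record lines are ignored."""
    exits: Set[str] = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "ExitAddress":
            try:
                exits.add(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                continue  # malformed address in the list: skip rather than abort
    return exits


def classify_indicators(ips: List[str], exits: Set[str]) -> Dict[str, List[str]]:
    """Split indicators into Tor exit addresses (no attribution value on their own),
    remaining addresses that merit further work, and entries that are not valid IPs."""
    out: Dict[str, List[str]] = {"tor_exit": [], "other": [], "invalid": []}
    for raw in ips:
        try:
            ip = str(ipaddress.ip_address(raw.strip()))
        except ValueError:
            out["invalid"].append(raw)
            continue
        out["tor_exit" if ip in exits else "other"].append(ip)
    return out


def attribution_summary(ips: List[str], exit_list_text: str) -> Dict[str, int]:
    """Count how many reported indicators survive the Tor-exit filter."""
    buckets = classify_indicators(ips, parse_exit_list(exit_list_text))
    return {name: len(members) for name, members in buckets.items()}


if __name__ == "__main__":
    summary = attribution_summary(REPORT_IPS, EXIT_LIST)
    print(summary)  # constructed data: 3 exit addresses, 2 others, 1 invalid entry
```

The remaining "other" addresses still prove nothing about who was behind them; the filter only stops exit nodes from being counted as evidence in the first place. In practice the exit list would be fetched for the time window of the activity, since exit addresses change over time.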

  14. Kim Radar

    The infamous WikiLeaks release of information taken from computers owned by the DNC and Hillary Clinton and other Democrats shows how lame their computer security was, if you can call it security at all!

    Julian Assange has clearly stated that the information he released did not come from a government operative for any country. So neither Russia nor any other nation was responsible for “hacking” the various Democrats involved. Clearly to “hack” people like Podesta requires no more than a simple phishing email and apparently none of these people cared about computer security at all. It was child’s play to grab information from their systems. Sure, Russia could have done it as well. Heck, Lower Slobbovia very likely could have hacked those systems!

  15. Dennis Kavanaugh

    Good job on the article, with a few caveats:

    I am not sure I fit into either of your ‘two camps’ concept. My issue is that the facts don’t take us anywhere, so there is no conclusion to be had. There may be ‘facts’ that the Russian government recruits hackers, and all of the related stuff. There may be hackers who at one time may have done some work for some entity that we may believe to represent the Russian government. There may also be some facts regarding the ability and willingness of Russian hackers to work for just about anyone if the terms are attractive.

    Here are a few other facts:
    Fact: hackers are not really a group per se, with characteristics that can be profiled (other than the fact they are hackers). They are people with interests and motivations, and those interests and motivations may take them many places over time.
    Fact: tools are shared, and attributing some form of use of some tool to one group reminds me of relating one flavor of pizza to one specific hacker.
    Fact: historically, people attribute some effort to a person who claims responsibility for that effort. But that is not fact, except to say they claim responsibility for it. It does not prove they actually *did* that thing. Think of ISIS.
    Fact: There are enough ways to cover one’s tracks that finding tracks only indicates that tracks were found. It does not indicate who laid the tracks, or whether they went to the place where attribution belongs.
    Fact: if the US government wants to look objective, they can use independent sources to investigate and validate the facts. It has not.
    Fact: in the US courts, the processes generally uncover facts and tend to rule out subjective opinions and hearsay. Nothing related to these hacking episodes amounts to anything that might be considered fact; rather, it is almost entirely hearsay.

    This is why I am not convinced anyone knows who did this or why. Please feel free to correct anything I have stated or add to it. I’d like to get to the truth.

  16. Mikey

    That’s funny, you quote Rolling Stone as if they are an arbiter of truth and fiction. Thanks for the laugh.

    1. BrianKrebs Post author

      I quote a great diversity of sources for news. Just because I reference a useful story or quote doesn’t mean I agree with everything they print. But thank you for proving my point so wonderfully.

  17. NJ1957a

    Brian,
    Your sense about this material being treated as a political football has been proven 100% correct. My kudos for you trying to lay out the known facts in the most unbiased method possible.

    To delineate how politically motivated comments to this story were, maybe you should have asked what would constitute ironclad proof of the Russians hacking the DNC. Eye witness testimony? Confession? Forensics? Wow.. we had all that type of information in Watergate and 36% of the people still said Nixon was innocent. Some said it was the Democratic Party that did it to falsely blame Nixon. The CIA was behind it. And on and on and on.

    Edward R. Murrow: when most people think they are thinking all they are doing is rearranging their prejudices.

  18. Mocephus

    NJ1957a, that Murrow quote is spot-on, it never ceases to amaze me how people can take ANY story and frame it to their political/spiritual beliefs, as if that is all there is to it. Once they establish that connection, facts are pretty much irrelevant, as any source that disagrees becomes a “questionable” source which makes any opposing rhetoric useless to the original subject.

    Thanks Brian for making the effort to keep the real set of issues in the limelight, your efforts are always appreciated.

  19. Allen

    Thanks Brian,
    I enjoy your perspective and reporting. Public trust in the news media on just about any topic, for me certainly, is at a historic low. Journalist and financial competition is causing the media to consistently sensationalize every story to improve viewership and thereby, ad revenue. Journalistic integrity seems to be almost gone. There’s a push to remove “fake news sites” on the Internet, but with legitimate news organizations and our political leaders behaving the way they are, who will we believe? Our country will be in dire straits without a news media that is free, unbiased, and has genuine integrity (no subtle or hidden political agendas from the owners).

    As a point of order, the Vermont utility laptop was not connected to any grid “operations systems.” I work in the utility industry and believe that those fear mongering stories about the vulnerability of the power grid are mostly just that. The cyber systems that control electrical generation and transmission are required by law to be protected by NERC CIP standards. Control system networks typically do not have Internet or email access and are often air-gapped. Not to say that it is impossible to compromise a utility control system, but it isn’t as easy as the media would like you to believe.

  20. woody188

    Wonder if someone used the leaked NSA toolset to hack Russia via TOR nodes if Crowdstrike would claim it was the NSA?

  21. Doug

    Brian thanks for the reporting. Interesting the responses by persons of opposing views. Personally I was interested in the recruiting methods (realizing that similar things undoubtedly occur everywhere).

  22. Lee Phillips

    All’s fair in love, war, politics and hacking.

  23. Miles Borne

    Well if one thing has been illuminated in this lengthy thread it’s that senior leadership, meaning the most senior leadership, needs to understand that cyber defense is a cost center that cannot be ignored. There are 20 critical security controls (The Australian Signals Directorate advocates 4) that must be baked into information systems and networks to keep them safe. Attribution is difficult if not impossible, time consuming, and a complete waste of resources. Who cares who burnt the building down? How do we keep them from burning in the first place? Here’s hoping that this is an ‘aha!’ moment from POTUS down to John and Jane Public.

    1. _Jim

      “senior leadership, meaning the most senior leadership, needs to understand that cyber defense is a cost center that cannot be ignored.”

      Does not compute; John Podesta handing the keys to the fortress subverts ALL cyber defenses in effect...

      Maybe you and many others are unaware of this facet of the so-called ‘hack’? It has been in the public domain and news for some time now .. so, no excuse for not being aware.

  24. Joe

    Brian did you happen to tune in to CrowdStrike’s webinar today at 11am Pacific? Yes, CrowdStrike is the contractor brought in by the DNC to clean up the mess – but the CrowdStrike folks make a pretty good case for the DNC hackers being folks at/on behalf of the GRU and FSB – particularly by comparing the app created by the Ukrainian military for targeting Howitzers that was hacked by possibly the same folks at/on behalf of the GRU.

  25. cyberwy

    Cyber criminals and thieves, credit card fraudsters, are an anonymous hacker group I think, so hackers are all bad.

  26. justme

    Russia is owned by illuminati. They use Russia and Ukraine as proxy so all the bad things they want to do they do it and people can blame Putin… but Putin don’t care, he got so much money.
    Russia is not run by Russians. Ukraine is not run by Ukrainians.
    Ru and Ukraine are directly by illuminati.
    Like European Union is controlled by them also… USA also, but in USA they have few issues.. so USA is only country that is not under illuminati total power. UK was fighting against also but they submitted, so UK destroyed completely.

  27. John Doe

    We all know that Russia won’t arrest cybercriminals who don’t attack Russians. Do you think the US will do the same? If an American is discovered to have caused a lot of damage only to Russia, would there be no consequences?

    Regardless, there ought to be more American blackhats targeting Russia. Balance the playing field a little, you know?

    1. GSJ

      Wow, I can visualize a script kiddie “patriot” looking to kick some Ruskii ass on late Friday night and escalating it into full scale cyber war, or worse! Are we talking about an online version of the Oath Keepers?

  28. Jim G

    Brian – Thank you for sharing your knowledge with us in this article. I am glad you are shedding light on a tricky subject. My background in operating systems software and network switches can assure everyone that these systems are so complex that no one would ever know or be able to develop a completely secure system. There are just too many places for a rogue developer to hide access or for developers to make mistakes. But it is interesting that most compromised systems come from poor management of passwords or clicking on untrusted links – in other words, end user error.

    As part of national security, just like each country has troops, all countries have some sort of internet / phone monitoring. Most always located in embassies as this is protected space. And each of these countries know they need to have internet protection/defenses and internet offenses. Think about what an internet offense means.

    Regarding the Russians’ attempt to hack the DNC in order to have an impact on the election: You made a great point that if the Russians were doing this, they would cover their tracks. I would completely agree. So it would be interesting to ask the question, who would like to make an impact, but maybe cover their tracks by making it look like the Russians? Several come to mind, but one country in particular seems to jump out at me. Who could that be? …..

  29. PanamaVet

    We’re talking about a server on a network collocated with the Clinton Foundation traffic maintained by a small business.

    1. How difficult was it to hack? Why do people assume it took a state player?

    2. Which begs the question, how many entities gained access to the email? This article addresses one and does not give serious consideration to the possibility there were more.

    3. Intelligence agencies since the age of barbarians have tried to make it look like another country did what they are trying to hide.

    4. Even if the Russians didn’t breach the email server they would want the world to think they conquered us.

    5. It is a waste of time to speculate. We know that confidential information was mishandled. The law says that is illegal regardless of intent. Why? To stop the well intentioned sailor from taking pictures of his submarine work space to study at home. He put the information at risk. That is it.

    6. Assange says someone else gave WikiLeaks the emails. Krebs can be right and Assange can be telling the truth.

    7. Apparently the sailor does not have the backing of the Obama administration.

  30. Joe Stalin

    When US “Intel” cries wolf so many times over the years with millions of deaths (Korea, Vietnam, Afghanistan, Iraq, Syria, etc.) it does not matter what they say now. Even if they could “prove” it.
