Wednesday, July 18, 2018

Russia didn’t “hack democracies” of France or Germany nor did it “hack” website of Kingdom of Qatar despite first reports

6/23/2017, “Smoking Gun Proof that Russia Hacked the Entire World,” George Washington, Zero Hedge 

“As shown below, the allegations that Russia has been hacking the entire world have been thoroughly vetted and verified. 


Germany’s intelligence agency accused Russia of deploying cyberattacks to destabilize the government! 

(But German intelligence agencies later found no evidence of Russian interference.) 

[2/17/2017, “German Intelligence Agencies Find No Evidence Of Russian Interference,” Newsweek, Josh Lowe] 

And last December [2016], German security officials said that Russia hacked secret German communications and provided them to Wikileaks (English translation). 

(But German officials later concluded that the communications were likely leaked from an insider within the German parliament, the Bundestag (English translation)).

[Reported by Der Spiegel, German government personnel provided documents to Wikileaks: 

12/17/2016, “Wikileaks documents from NSA Committee: Source suspected in the Bundestag,” (Google translation) 

Behind the publication of thousands of documents from the NSA investigation committee were last suspected Russian hackers. Now the authorities are assuming a leak in the Bundestag itself. 

After the publication of confidential documents from the NSA investigation committee of the Bundestag, police investigated the offender in the Parliament, as the news magazine “Der Spiegel” reported. It was determined “for breach of official secrecy and a special secrecy obligation,” a Bundestag spokesman confirmed to the magazine. Bundestag President Norbert Lammert (CDU) has approved the investigation against unknown. The German Bundestag is a separate police district.

According to the report, federal security authorities are convinced that hackers have not stolen the 2420 documents published by the Wikileaks Internet platform at the beginning of December…. 

According to Wikileaks, the approximately 2400 documents come from various federal agencies such as the Federal Intelligence Service and the federal offices for constitutional protection and security in information technology. According to the documents, there should therefore be evidence proving the cooperation between the US National Security Agency (NSA) and the BND.”] 


The Washington Post, New York Times (and here), Reuters, Politico, Register and many other mainstream publications claimed that the Russians hacked the French election, just like they hacked the U.S. election. 

The head of the NSA [then Mike Rogers] claimed that the NSA watched the Russians hack the French elections: 

(But the French government later said there was no trace of Russian hacking.) 

[Two sources, AP and EU Observer: 6/1/2017, AP: France says no trace of Russian hacking: 

6/1/17, “The Latest: France says no trace of Russian hacking Macron,” St. Petersburg, Russia

The head of the French government’s cyber security agency, which investigated leaks from President Emmanuel Macron’s election campaign, says they found no trace of a notorious Russian hacking group behind the attack. 

In an interview in his office Thursday with The Associated Press, Guillaume Poupard said the Macron campaign hack “was so generic and simple that it could have been practically anyone.” He said they found no trace that the Russian hacking group known as APT28, blamed for other attacks including on the U.S. presidential campaign, was responsible. 

Poupard is director general of the government cyber-defense agency known in France by its acronym, ANSSI. Its experts were immediately dispatched when documents stolen from the Macron campaign leaked online on May 5 in the closing hours of the presidential race. 

Poupard says the attack’s simplicity “means that we can imagine that it was a person who did this alone. They could be in any country.” 


The attack was so generic and simple that it could have been practically anyone, he [Poupard] said. “It really could be anyone. It could even be an isolated individual”.”… 6/2/17, “Macron Leaks could be ‘isolated individual’, France says”] 


CNN reported that U.S. officials suspected that Russia had hacked Qatar’s state news agency, causing a rift with Saudi Arabia. 

(But the Qatari government later said it wasn’t Russia).

[6/20/2017, “DOHA (Reuters) – Qatar’s attorney general said on Tuesday his country has evidence that the hacking of Qatar’s state news agency was linked to countries that have severed ties with Doha. Saudi Arabia, Egypt, Bahrain and the United Arab Emirates cut their ties with Doha earlier this month.”] 


The Washington Post published a story claiming that Russian hackers penetrated the US power grid through a utility in Vermont. 

(The Post subsequently admitted that – according to officials close to the investigation – “the incident is not linked to any Russian government effort to target or hack the utility”, that the incident only involved a laptop not connected to the electrical grid, and there may not even have been malware at all on this laptop.) 

When a treasure trove of secret NSA tools were revealed, Russian hackers were blamed [12/13/2016]. 

(But it turns out that it was probably a leak by an NSA insider)

[Excerpts from 5 links author lists related to US NSA’s loss of a trove of elite hacking tools: 

1. 8/26/2016, “NSA Whistleblowers: NSA Hack Was Likely An Inside Job,” Washington’s blog 

“William Binney: “The probability is that an insider provided the data. 

I say this because the NSA net is a closed net that is continuously encrypted.  Which would mean, that if someone wanted to hack into the NSA network they would not only have to know weaknesses in the network/firewalls/tables and passwords but also be able to penetrate the encryption. 

So, my bet is that it is an insider. In my opinion, if the Russians had these files, they would use them not leak them or any part of them to the world.” 

Similarly, former NSA employee, producer for ABC’s World News Tonight, and long-time reporter on the NSA James Bamford notes: “If Russia had stolen the hacking tools, it would be senseless to publicize the theft, let alone put them up for sale. It would be like a safecracker stealing the combination to a bank vault and putting it on Facebook. Once revealed, companies and governments would patch their firewalls, just as the bank would change its combination. 

A more logical explanation could also be insider theft. If that’s the case, it’s one more reason to question the usefulness of an agency that secretly collects private information on millions of Americans but can’t keep its most valuable data from being stolen, or as it appears in this case, being used against us.”” 

2. 10/20/2016, “Prosecutors: NSA contractor’s alleged theft ‘breathtaking’ in scope,” Baltimore Sun, Ian Duncan
NSA contractor stole data for two decades, 1996-2016, without anyone noticing: 

Harold T. Martin III, 51, took documents dating from the year he first obtained a security clearance in 1996 and continued until his arrest this year, amassing an archive many times larger than the haul Edward Snowden is suspected of taking from the intelligence agency headquartered at Fort Meade. 

Documents that Martin is alleged to have taken detail some of the country’s most sensitive intelligence operations. Authorities have not said why he allegedly stole the documents, or whether they believe he planned to do anything with them…. 

Martin left active military service in 1995 and worked for a string of defense contractors. He was employed by Booz Allen Hamilton at the time of his arrest.”… 

3. 8/21/2016, “Commentary: Evidence points to another Snowden at the NSA,” Reuters, James Bamford 

“Rather than the NSA hacking tools being snatched as a result of a sophisticated cyber operation by Russia or some other nation, it seems more likely that an employee stole them. Experts who have analyzed the files suspect that they date to October 2013, five months after Edward Snowden left his contractor position with the NSA and fled to Hong Kong carrying flash drives containing hundreds of thousands of pages of NSA documents. 

So, if Snowden could not have stolen the hacking tools, there are indications that after he departed in May 2013, someone else did, possibly someone assigned to the agency’s highly sensitive Tailored Access Operations. 

In December 2013, another highly secret NSA document quietly became public. It was a top secret TAO catalog of NSA hacking tools. Known as the Advanced Network Technology (ANT) catalog, it consisted of 50 pages of extensive pictures, diagrams and descriptions of tools for every kind of hack, mostly targeted at devices manufactured by U.S. companies, including Apple, Cisco, Dell and many others…. 

It’s one more reason why NSA may prove to be one of Washington’s greatest liabilities rather than assets.” 

4. 8/22/2016, “Hints suggest an insider helped the NSA “Equation Group” hacking tools leak,” Sean Gallagher 

A group called the Shadow Brokers made headlines this month by leaking a hacking tool belonging to the NSA’s Tailored Access Operations (TAO) team. Now this week, several informed sources suggest an inside source may have been involved. 

The leaked software—which can exploit weaknesses in a number of network hardware platforms and other devices—apparently may have come with the help of an NSA insider, according to the analysis of several information security experts, reports citing former NSA employees, and one journalist who had access to the files leaked by Edward Snowden. While the hacking tools were said not to have come from the Snowden documents cache, they may in fact be associated with another leaker….On Twitter, Snowden himself said the most recent files in the Shadow Brokers’ dump had date stamps in June of 2013—a month after Snowden fled the US to Hong Kong. “… 

5. 8/17/2016, “Former NSA Staffers: Rogue Insider Could Be Behind NSA Data Dump,” Joseph Cox and Lorenzo Franceschi-Bicchierai 

An insider could have stolen them directly from the NSA, in a similar fashion to how former NSA contractor Edward Snowden stole an untold number of the spy agency’s top secret documents. And this theory is being pushed by someone who claims to be, himself, a former NSA insider. 

“My colleagues and I are fairly certain that this was no hack, or group for that matter,” the former NSA employee told Motherboard. “This ‘Shadow Brokers’ character is one guy, an insider employee.” 

The source, who asked to remain anonymous, said that it’d be much easier for an insider to obtain the data that The Shadow Brokers put online rather than someone else, even Russia, remotely stealing it. He argued that “naming convention of the file directories, as well as some of the scripts in the dump are only accessible internally,” and that “there is no reason” for those files to be on a server someone could hack. He claimed that these sorts of files are on a physically separated network that doesn’t touch the internet; an air-gap. (Motherboard was not able to independently verify this claim, and it’s worth bearing in mind that an air-gap is not an insurmountable obstacle in the world of hacking). 

Of course, as Matt Suiche, the CEO of Dubai-based cybersecurity company Comae, noted in a post analyzing the insider theory, a leading theory is that a member of NSA’s elite hacking team, Tailored Access Operation, or TAO, made a “mistake” and left the hacking tools exposed on a server. 

“We are 99.9 percent sure that Russia has nothing to do with this and even though all this speculation is more sensational in the media, the insider theory should not be dismissed,” the source added. “We think it is the most plausible.” 

The source said that while he was “a little nervous about this whole thing,” he was coming forward precisely to warn people against accusing Russia. 

“Now seeing what’s being paraded in the media like the wildly speculative attribution to Russia, I feel a personal responsibility to propose the more plausible theory on behalf of me and the rest of the guys like me,” he said. “I think it’s dangerous to point fingers when they shouldn’t be. That could have real implications that affect real people.” 

The source provided a military award as proof of his past employment, and multiple former intelligence sources who reviewed the award for Motherboard said it looks legitimate.

That award describes the source’s role as a “Cyber Intrusion Analyst,” and although he was not a member of TAO himself, he said he was able to work with TAO operators and access and analyze the data retrieved. 

Another former NSA source, who was contacted independently and spoke on condition of anonymity, said that it’s “plausible” that the leakers are actually a disgruntled insider, claiming that it’s easier to walk out of the NSA with a USB drive or a CD than hack its servers. 

Michael Adams, an information security expert who served more than two decades in the US Special Operations Command, agreed that it’s a viable theory. 

“It’s Snowden junior,” Adams told Motherboard. “Except he doesn’t want to end up in virtual prison in Russia. He’s smart enough to rip off shit, but also smart enough to be unidentifiable.” 

It’s important to note that there’s no evidence pointing the finger at an insider, just like there’s no evidence pointing toward Russia. It’s all speculation, but these two theories, at this point, seem the most plausible.”]

(continuing): “And of course the evidence that the Russians hacked Democratic party emails and leaked them to Wikileaks – and otherwise stole the election away from Clinton – is extremely strong. After all, the mainstream press has said so. 

(Maybe not so much …) 

[Excerpts from 3 of 4 links author provides with: (Maybe not so much …) 

1. 12/18/2016, “The Hacking Evidence Against Russia Is Extremely Weak,” Washington’s blog 

“Last week, German security officials said that Russia hacked secret German communications and provided them to Wikileaks (English translation). But now, German officials say that the communications were likely leaked from an insider within the German parliament, the Bundestag (English translation). 

Similarly, when a treasure trove of secret NSA tools were revealed, Russian hackers were initially blamed. But it turns out that it was probably a leak by an NSA insider. So claims that Russia is behind any specific hacking incident need to be taken with a grain of salt…. 

A group of high-level former American intelligence officials – including the man who designed the NSA’s global surveillance system (Bill Binney), a 27-year CIA official who personally delivered the daily briefing to both Democratic and Republican presidents (Ray McGovern), and others – say that the Democratic Party emails were not hacked, but were actually leaked by insiders. 

A former British intelligence analyst and British Ambassador to Uzbekistan (Craig Murray) alleges that he personally met the leaker, and that it was an American working for the NSA. 

But whether or not these American and British intelligence officials are right that the Democratic emails were leaked by insiders as opposed to hacked by Ruskies, the fact remains that the evidence for Russian hacking is very weak. 

Initially, the main allegation for Russia hacking Democratic emails to throw the election for Trump is that Wikileaks released Democratic – but not Republican – emails. 

However, the RNC says that their cybersecurity stopped attempts to hack into their computers. If true, then it may be that the Dems were simply more careless than the GOP. Indeed, John Podesta fell for a basic phishing scam. 

Moreover, it’s famously difficult to attribute the source of hacks. 

A leading IT think tank – the Institute for Critical Infrastructure Technology – points out: 

Malicious actors can easily position their breach to be attributed to Russia.  It’s common knowledge among even script kiddies that all one needs to do is compromise a system geolocated in Russia (ideally in a government office) and use it as a beachhead for attack so that indicators of compromise lead back to Russia. For additional operational security, use publicly available whitepapers and reports to determine the tool, techniques, and procedures of a well-known nation-state sponsored advanced persistent threat (APT), access Deep Web forums such as Alphabay to acquire a malware variant or exploit kit utilized in prolific attacks, and then employ the malware in new campaigns that will inevitably be attributed to foreign intelligence operations. Want to add another layer? Compromise a Chinese system, leap-frog onto a hacked Russian machine, and then run the attack from China to Russia to any country on the globe. Want to increase geopolitical tensions, distract the global news cycle, or cause a subtle, but exploitable shift in national positions? Hack a machine in North Korea and use it to hack the aforementioned machine in China, before compromising the Russian system and launching global attacks. This process is so common and simple that it’s virtually “Script Kiddie 101” among malicious cyber upstarts.
Incident Response techniques and processes are not comprehensive or holistic enough to definitively attribute an incident to a specific threat actor from the multitude of script kiddies, hacktivists, lone-wolf threat actors, cyber-criminals, cyber-jihadists, hail-mary threats, and nation-state sponsored advanced persistent threats (APTs), who all possess the means, motive, and opportunity, to attack minimally secured, high profile targets.
Attribution might be reliable if the target is well-protected, if the target operates in a niche field, or if the malware involved in the incident is unique because one or more of those characteristics can be deterministic of the sophistication and resources of the threat actor. Attribution is less exact in the case of the DNC breach because the mail servers compromised were not well-secured; the organization of a few hundred personnel did not practice proper cyber-hygiene; the DNC has a global reputation and is a valuable target to script kiddies, hacktivists, lone-wolf cyber-threat actors, cyber-criminals, cyber-jihadists, hail-mary threats, and nation-state sponsored advanced persistent threats (APTs); and because the malware discovered on DNC systems were well-known, publicly disclosed, and variants could be purchased on Deep Web markets and forums.
Both APT28 and APT29 are well-known sophisticated threat actors that have been extensively profiled by cybersecurity firms such as FireEye. As a result, their profiles, operational behavior, tools, and malware could all be easily emulated by even an unsophisticated adversary in a campaign against an insecure target such as the DNC, that did not prioritize cybersecurity, cyber-hygiene, or system cyber resiliency. For instance, the cyber-criminal group Patchwork Elephant, known for adopting malware from other campaigns, could easily have also conducted the DNC/ RNC attacks by emulating APT28 and APT29.” 

James Carden – a former Advisor to the US-Russia Presidential Commission at the US State Department – writes: 

Evidence of a connection between the Russian government and the hackers that are believed to have stolen the DNC/John Podesta e-mails remains illusory. Cyber-security expert Jeffrey Carr has observed that there is ZERO technical evidence to connect those Russian-speaking hackers to the GRU, FSB, SVR, or any other Russian government department. The very real possibility that non-state actors carried out the hack of the DNC has been conspicuously absent from the mainstream narrative of “Russian interference.”” 

Craig Murray notes: 

Despite himself being a former extremely competent KGB chief, Vladimir Putin [is alleged to have] put Inspector Clouseau in charge of Russian security and left him to get on with it. The Russian Bear has been the symbol of the country since the 16th century. So we have to believe that the Russian security services set up top secret hacking groups identifying themselves as “Cozy Bear” and “Fancy Bear”. Whereas no doubt the NSA fronts its hacking operations by a group brilliantly disguised as “The Flaming Bald Eagles”, GCHQ doubtless hides behind “Three Lions on a Keyboard” and the French use “Marianne Snoops”. 

What is more, the Russian disguised hackers work Moscow hours and are directly traceable to Moscow IP addresses. This is plain and obvious nonsense. If Crowdstrike [the consulting firm hired by the Democratic National Committee] were tracing me just now they would think I am in Denmark. Yesterday it was the Netherlands. I use Tunnel Bear, one of scores of easily available VPNs and believe me, the Russian FSB have much better resources. We are also supposed to believe that Russia’s hidden hacking operation uses the name of the famous founder of the Communist Cheka, Felix Dzerzhinsky, as a marker and an identity of “Guccifer2” (get the references – Russian oligarchs and their Gucci bling and Lucifer) – to post pointless and vainglorious boasts about its hacking operations, and in doing so accidentally leave bits of Russian language script to be found. 

The Keystone Cops portrayal of one of the world’s most clinically efficient intelligence services is of a piece with the anti-Russian racism which has permeated the Democratic Party rhetoric for quite some time. Frankly nobody in what is vaguely their right mind would believe this narrative. 

It is not that “Cozy Bear”, “Fancy Bear” and “Guccifer2” do not exist. It is that they are not agents of the Russian government and not the source of the DNC documents. Guccifer2 is understood in London to be the fairly well known amusing bearded Serbian who turns up at parties around Camden under the (assumed) name of Gavrilo Princip. 

Of course there were hacking and phishing attacks on the DNC. Such attacks happen every day to pretty well all of us. There were over 1,050 attacks on my own server two days ago, and many of them often appear to originate in Russia – though more appear to originate in the USA. I attach a Cloudflare threat map. It happens to be from a while ago as I don’t have a more up to date one to hand from my technical people. Of course in many cases the computers attacking have been activated as proxies by computers in another country entirely. Crowdstrike apparently expect us to believe that Putin’s security services have not heard of this or of the idea of disguising which time zone you operate from. 

Pretty well all of us get phishing emails pretty routinely. Last year my bank phoned me up to check if I was really trying to buy a car with my credit card in St Petersburg. I don’t know what the DNC paid “Crowdstrike” for their narrative but they got a very poor return for their effort indeed. That the New York Times promotes it as any kind of evidence is a truly damning indictment of the mainstream media. 

Andrew Cockburn asks some hard-hitting questions: 

“1/ The DNC hackers inserted the name of the founder of Russian intelligence, in Russian, in the metadata of the hacked documents.  Why would the G.R.U., Russian military intelligence do that? 

2/ If the hackers were indeed part of Russian intelligence, why did they use a free Russian email account, or, in the [alleged] hack of the [names and addresses in] state election systems, a Russian-owned server?  Does Russian intelligence normally display such poor tradecraft? 

3/ Why would Russian intelligence, for the purposes of [allegedly] hacking the [names and addresses in] election systems of Arizona and Illinois, book space on a Russian-owned server and then use only English, as documents furnished by Vladimir Fomenko, proprietor of Kings Servers, the company that owned the server in question, clearly indicate? 

4/ Numerous reports ascribe the hacks to hacking groups known as APT 28 or “Fancy Bear” and APT 29 or “Cozy Bear.” But these groups had already been accused of nefarious actions on behalf of Russian intelligence prior to the [alleged] hacks under discussion. Why would the Kremlin and its intelligence agencies select well-known groups to conduct a regime-change operation on the most powerful country on earth? 

5/ It has been reported in the New York Times, without attribution, that U.S. intelligence has identified specific G.R.U. officials who directed the hacking. Is this true, and if so, please provide details (Witness should be sworn) 

6/ The joint statement issued by the DNI and DHS on October 7 2016 confirmed that US intelligence had no evidence of official Russian involvement in the leak of hacked documents to Wikileaks, etc, saying only that the leaks were “consistent with the methods and motivations of Russian-directed efforts.” Has the US acquired any evidence whatsoever since that time regarding Russian involvement in the leaks? 

So while Russia may have hacked the Democratic emails and then delivered them to Wikileaks, the evidence is extremely weak.”

Excerpt from 3rd link author provides: 

“Top NSA whistleblowers say that the NSA possesses records showing exactly how the emails went from the Democratic Party to Wikileaks, as it tracks all electronic communications in the U.S.”…

— Edward Snowden (@Snowden) July 25, 2016”…] 

It doesn’t address the fact that top former NSA and CIA officials (and Wikileaks) claim that these were not hacks at all … but rather leaks by American insiders.” 

3. 12/29/2016, “What The Russian Hacking Report DOESN’T Say,” Washington’s blog 

“Today, the Department of Homeland Security and FBI released a report alleging Russian hacking. The report itself is only five and a half pages long in large print (with another 7 pages for future security recommendations). 

It’s important to note what the report does NOT say… 

It does NOT allege any of the following: 

It doesn’t claim that it’s accurate. Instead, the report starts with a disclaimer, and uses the same type of weasel words – “as is”, “does not provide any warranties of any kind regarding any information” – that someone selling a lemon uses when he doesn’t want to talk about the fact that the blasted thing won’t run and doesn’t want to get sued for intentional misrepresentation or wilful concealment:

In other words, the report really doesn’t say much of anything.

4. 3/24/2017, “Cyber Firm Rewrites Part of Disputed Russian Hacking Report,” Oleksiy Kuzmenko, Pete Cobus 

U.S. cybersecurity firm CrowdStrike has revised and retracted statements it used to buttress claims of Russian hacking during last year’s American presidential election campaign. The shift followed a VOA report that the company misrepresented data published by an influential British think tank. 

In December [2016], CrowdStrike said it found evidence that Russians hacked into a Ukrainian artillery app, contributing to heavy losses of howitzers in Ukraine’s war with pro-Russian separatists. 

VOA reported Tuesday that the International Institute for Strategic Studies (IISS), which publishes an annual reference estimating the strength of world armed forces, disavowed the CrowdStrike report and said it had never been contacted by the company. 

Ukraine’s Ministry of Defense also has stated that the combat losses and hacking never happened.”…] 

(continuing): “So you see? It’s been proven that Russia has hacked the world.” …

