“Everyone knows the Russians hacked the election.” Right?

Please note this from WordFence.com, on Friday, December 30th.

Overall Conclusion

The IP addresses that DHS provided may have been used for an attack by a state actor like Russia. But they don’t appear to provide any association with Russia. They are probably used by a wide range of other malicious actors, especially the 15% of IP addresses that are Tor exit nodes.

The malware sample is old, widely used and appears to be Ukrainian. It has no apparent relationship with Russian intelligence and it would be an indicator of compromise for any website.

You can find a public repository containing the data used in this report on github.

This is not a political analysis in the slightest, but a technological examination of the facts as yet known. The article is lengthy and of interest if you’re well-versed in technical digital matters. Please read if you are so inclined.

Techie comments include:

unity100 December 30, 2016 at 6:19 am • Reply

Long story short, it doesnt have anything to do with Russia. ‘May have’ used by anyone indeed, however Russia being able to use datacenters located especially in Germany to hack against US is quite unlikely, with the German intelligence practically being subservient to US intelligence as recent leaks showed.

Steve Maughan December 30, 2016 at 6:24 am • Reply

What you appear to be saying is there is no “smoking gun” link even to Russia, nevermind the Russian Government!

mark December 30, 2016 at 6:27 am • Reply

Hi Steve,

It does appear that way. Unless FBI/DHS shares some additional IOC’s, there’s not really anything here we can use to make the connection.

Rusty December 30, 2016 at 6:34 am • Reply

Interesting what you find when you are on a non-political quest for the truth. I appreciate the work you did digging into this. It’s hard to find a source that doesn’t lean one way or the other, and just provides cold, hard facts. Thanks!!!

David Bennett December 30, 2016 at 6:42 am • Reply

Great article but don’t you think it is a confusing headline because if anything, your article shows there is no smoking gun that leads back to Russia as a state actor?

“US Govt Data Shows Russia Used Outdated Ukrainian PHP Malware”

Then Aaron hits a Commenter’s Home Run:

Aaron Miner December 30, 2016 at 2:01 pm • Reply

The problem with that reasoning is that this is also exactly what a non-governmental hacking job would look like. The burden of proof lies with those attempting to demonstrate a Russian plot to affect the election, which means they need to find evidence that distinguishes the a Russian hacking attempt from the null scenario. In the absence of such evidence, we must assume the null hypothesis (that it was more likely any of the many non-Russian, non-governmental actors capable of such an attack) until further evidence is presented.

Otherwise, we’d have to assume that the lack of evidence for aliens crash-landing in Roswell, New Mexico is evidence of a government conspiracy, because a government conspiracy would leave no evidence of an alien crash-landing in New Mexico. That would be circular reasoning, and therefore a fallacy.

It is claimed that “everyone” knows the Russians hacked the DNC, John Podesta’s emails, Hillary Clinton’s emails, et al, and turned them over to Wikileaks. Because it serves a political end for the Demorats — that is, it provides a ready and convenient excuse for Hillary Clinton’s having lost the election — the American Media Maggots have picked up on the theme as well. Therefore, “everyone” knows the Russians are responsible for the hacks and throwing the election.

However, what about the Sony hack two years ago? The FBI concluded after a few weeks that North Korea was responsible. It was convenient to say so, so it was so. Many people were not so sure. Why? Because determining a cyber attack is more of an art than a science. And intelligence agencies frequently rely on what is called “fourth party collection.” Even the NSA. Which was hacked.

But guess what?

For reasons delineated in prior posts, I think I’d consider the weight of the propeller-heads above over the input of others at this point, who are motivated by — well, let’s just say “self-interests.”

BZ