“Everyone knows the Russians hacked the election.” Right?
Technical analysis: Malware “Russian hacking” sample provided by US government is common malware. https://www.wordfence.com/blog/2016/12/russia-malware-ip-hack/
Please note this from WordFence.com, on Friday, December 30th.
Overall Conclusion
The IP addresses that DHS provided may have been used for an attack by a state actor like Russia. But they don’t appear to provide any association with Russia. They are probably used by a wide range of other malicious actors, especially the 15% of IP addresses that are Tor exit nodes.
The malware sample is old, widely used and appears to be Ukrainian. It has no apparent relationship with Russian intelligence and it would be an indicator of compromise for any website.
You can find a public repository containing the data used in this report on GitHub.
This is not a political analysis in the slightest, but a technological examination of the facts as yet known. The article is lengthy and of interest if you’re well-versed in technical digital matters. Please read if you are so inclined.
Techie comments include:
December 30, 2016 at 6:19 am
Long story short, it doesn’t have anything to do with Russia. ‘May have’ used by anyone indeed, however Russia being able to use datacenters located especially in Germany to hack against US is quite unlikely, with the German intelligence practically being subservient to US intelligence as recent leaks showed.
December 30, 2016 at 6:24 am
What you appear to be saying is there is no “smoking gun” link even to Russia, never mind the Russian Government!
December 30, 2016 at 6:27 am
Hi Steve,
It does appear that way. Unless FBI/DHS shares some additional IOC’s, there’s not really anything here we can use to make the connection.
December 30, 2016 at 6:34 am
Interesting what you find when you are on a non-political quest for the truth. I appreciate the work you did digging into this. It’s hard to find a source that doesn’t lean one way or the other, and just provides cold, hard facts. Thanks!!!
December 30, 2016 at 6:42 am
Great article but don’t you think it is a confusing headline because if anything, your article shows there is no smoking gun that leads back to Russia as a state actor?
“US Govt Data Shows Russia Used Outdated Ukrainian PHP Malware”
Then Aaron hits a Commenter’s Home Run:
December 30, 2016 at 2:01 pm
The problem with that reasoning is that this is also exactly what a non-governmental hacking job would look like. The burden of proof lies with those attempting to demonstrate a Russian plot to affect the election, which means they need to find evidence that distinguishes a Russian hacking attempt from the null scenario. In the absence of such evidence, we must assume the null hypothesis (that it was more likely any of the many non-Russian, non-governmental actors capable of such an attack) until further evidence is presented.
Otherwise, we’d have to assume that the lack of evidence for aliens crash-landing in Roswell, New Mexico is evidence of a government conspiracy, because a government conspiracy would leave no evidence of an alien crash-landing in New Mexico. That would be circular reasoning, and therefore a fallacy.
It is claimed that “everyone” knows the Russians hacked the DNC, John Podesta’s emails, Hillary Clinton’s emails, et al, and turned them over to Wikileaks. Because it serves a political end for the Demorats — that is, it provides a ready and convenient excuse for Hillary Clinton’s having lost the election — the American Media Maggots have picked up on the theme as well. Therefore, “everyone” knows the Russians are responsible for the hacks and throwing the election.
However, what about the Sony hack two years ago? The FBI concluded after a few weeks that North Korea was responsible. It was convenient to say so, so it was so. Many people were not so sure. Why? Because attributing a cyber attack is more of an art than a science. And intelligence agencies frequently rely on what is called “fourth party collection.” Even the NSA. Which was hacked.
But guess what?
For reasons delineated in prior posts, I think I’d consider the weight of the propeller-heads above over the input of others at this point, who are motivated by — well, let’s just say “self-interests.”
BZ