Kremlin-linked hacker crew's tactics exposed

Security researchers have published more intel on the tactics of the infamous Russian government-linked hacker crew blamed for compromising the Democratic National Committee (DNC) during last year's US presidential election. A report by SecureWorks' Counter Threat Unit offers an analysis of the connection between the APT 28 …

  1. DCFusor

    Attribution is HARD. Especially when there are things like this to help obfuscate the actual sources. It's kind of amazing what a for-pay security outfit will publish without any backing if they think it will curry them money or favor. Just like it's not that hard to find a "respected scientist" to say whatever pushes your agenda for some bucks.

    https://wikileaks.org/

    1. 404

      And that's why there are global warming skeptics...

      weird, eh?

  2. Mahhn

    Correction

    In the first sentence "blamed for compromising the Democratic" - "compromising" is incorrect, "exposing" would be correct.

    1. Curly4
      Happy

      Re: Correction: True statement

      You are correct. Whoever got the DNC emails only revealed what the Democrats were emailing each other. At no time has it been shown that the hackers changed any email nor added a false email to the list that was released.

  3. Flocke Kroes Silver badge

    Old news

    Russians caught faking evidence before Trump elected.

  4. Destroy All Monsters Silver badge
    Windows

    Check is in the mail, SecureWorks

    That "DNC hack"... we still don't know whether it actually occurred. Maybe one should start with that?

    Also, the "influencing global events" meme is a bit bereft of logic (but then again, what would one expect of a perverse alliance of neocons, democrats and TLA power players?). Or maybe "Hollywood Logic" has infected everything and our only hope is that Vogons clean the fuck up before we beclown ourselves in front of the whole Galaxy.

    The Missing Logic of Russia-gate

    Assuming that Putin read the polls like everyone else, would he risk infuriating the likely next President of the United States – Hillary Clinton – by embarrassing her with an email leak that would amount to a pinprick? Clinton herself blamed her surprise defeat on FBI Director Comey’s decision to briefly reopen the investigation into whether she endangered national security by using a private email server as Secretary of State.

    Unless one assumes that Putin’s Ouija board also predicted Comey’s actions or perhaps that Comey is another Russian mole, wouldn’t it be a huge risk for Putin to anger Clinton without ensuring her defeat? There’s the old saying that “if you strike a king, you must kill him,” which would seem to apply equally to a queen. But logical thinking no longer applies to what’s going on in Official Washington.

    1. Flocke Kroes Silver badge

      Re: Check is in the mail, SecureWorks

      Please explain why the Trump campaign changed the Republican manifesto to support Russia against the Ukraine. Why did Don's campaign manager contribute his valuable time for free?

      1. tom dial Silver badge

        Re: Check is in the mail, SecureWorks

        The Trump campaign did not effect a Republican platform change to support Russia. They did argue successfully for a change that weakened the plank that addressed Russian activities in the Eastern part of Ukraine by removing a reference to providing weapons to the Ukraine government.

        The Republican platform, as adopted, is quite noticeably more supportive of the Ukraine government than the Democratic party platform adopted a few weeks later. The referenced article, contemporaneous with the Republican convention, could not include that information, but repeating it now without that context is not significantly different from some of the news manipulation for which Russia is being condemned.

        1. Flocke Kroes Silver badge

          @tom dial

          Until today, I had not read the section on the Ukraine in the Democrat and the Republican platforms. Both are really waffly with vague commitments. I think they are both too fuzzy to call one stronger than the other. The Republicans did weaken their platform concerning the Ukraine. I looked for evidence of something similar from the Democrats. All I found was criticism of Obama's stance from Republicans.

          Do you have something that shows the Democrats changed their tune at least as much as the Republicans did?

          1. tom dial Silver badge

            Re: @tom dial

            I also have read both, and to my thinking the Republican platform plainly contains more and stronger statements supporting Ukraine than the Democratic one. It is true that the D platform was not weakened, and it also is true that the R platform was not strengthened, and an attempt to do so was opposed by the Trump campaign.

            Platforms always are fuzzy for at least two reasons. They are written with the expectation that someone, likely enough an opponent, actually will read them and use what they find as an attack point. It is easy to imagine, and all but certain, that Clinton's campaign would have characterized a Republican plank promising to deliver weapons to the Ukraine (as the proposed change had it) as warlike and reckless, as well as displaying total ignorance of foreign affairs. In addition, they are written with the intention of avoiding opposition within the party.

    2. iromko

      Re: Check is in the mail, SecureWorks

      Why does everyone assume the intent was to promote one candidate over the other? Maybe the meddlers wanted to undermine the credibility of the elected President, whoever that would be. For that purpose, the bigger mess they created, the better. They even had no need to hide the meddling carefully, because if they covered everything properly, no one would question the legitimacy of the elected President, as they do now.

    3. User McUser

      Re: Check is in the mail, SecureWorks

      Assuming that Putin read the polls like everyone else, would he risk infuriating the likely next President of the United States – Hillary Clinton – by embarrassing her with an email leak that would amount to a pinprick?

      Because it's a low-risk, high-reward opportunity?

      Worst case for them, Russia angers a newly elected President Clinton who issues some sanctions. Best case for them, Russia appeases a newly elected President Trump who tells everyone what a great guy Putin is.

      Clinton herself blamed her surprise defeat on FBI Director Comey’s decision to briefly reopen the investigation into whether she endangered national security by using a private email server as Secretary of State.

      Don't forget, there were three wholly separate email "scandals" that got conflated into a single nebulous email problem in the minds of many voters.

      There was the "Hillary used a private email server while Secretary of State" issue, there was the DNC hack-and-release issue, and finally there was the Anthony Weiner's secretary's laptop issue. The first two are entirely unrelated and the first and third are only tangentially related because the two parties had potentially corresponded with each other such that messages not contained in one set might have existed in the other (which was not the case.)

      It was this last one, the nonsense with Anthony Weiner's secretary's email that was the October surprise from Director Comey, to which Secretary Clinton assigns much of the blame for her unexpected defeat.

    4. Anonymous Coward

      "We still don't know it actually occurred"?

      So you think that 17 intelligence agencies are all wrong on this? Yeah yeah, I know, you'll point to Iraq's yellowcake, but that was basically a bull rush scenario. There was one guy from Iraq who said it, and Bush's admin had told the CIA they wanted evidence to support a war with Iraq. So they dolled it up and made it sound like there were corroborating sources.

      It is funny that all the hardcore conservatives who defended the Iraq war for years, and claimed WMDs had been found when the only ones found were rusty leftovers we missed back in 1991, are the ones now pointing to the lack of WMDs as a defense against Trump. If there was any doubt, Trump would be able to find people in those 17 intelligence agencies who disagree with the official conclusion and promote their viewpoint. That he hasn't should be telling.

      I find it interesting that only those on the two extremes are in doubt about Russia's involvement. On the extreme right, they don't want to believe their orange snowflake had even the slightest outside help, let alone the complicity that looks more and more likely to be eventually proven as more facts come out every day. On the extreme left, they are so anti-military they think this is a massive 'deep state' psyop to try to bring back the cold war (even their hero Bernie doesn't believe that one)

      1. BrianWilson

        Re: "We still don't know it actually occurred"?

        That "17 intelligence agencies" nonsense is a complete myth and exposes YOU as the hack. That's a left-wing talking point that is completely made up. There is ZERO evidence that the Russian gov't hacked into the DNC. In fact it would make more sense that you are the Russian gov't trying to undermine our democratic process by spreading outlandish FUD.

        1. Anonymous Coward

          Re: "We still don't know it actually occurred"?

          OK, 17 agencies didn't all independently investigate it (why would, say, Air Force Intelligence investigate Russian hacking of the DNC?)

          But the DNI, who is in charge of all 17 and speaks on their behalf, said it was Russia in a joint statement with the DHS:

          https://www.dni.gov/index.php/newsroom/press-releases/215-press-releases-2016/1423-joint-dhs-odni-election-security-statement

          Had any of those agencies disagreed with the conclusion, they would have made it known. If not while Obama was in office, they surely would have spoken up in the past couple of months since Trump took over. So if any of the 17 don't buy that conclusion, where is Trump's tweet saying "Air Force Intelligence (or whoever) says it wasn't Russia!"

          1. Anonymous Coward

            Re: "We still don't know it actually occurred"?

            But it's actually a lot worse than you pretend. Only one commercial organization looked at the DNC servers, NONE of the intelligence services did, and they're all believing what an organisation PAID by the DNC is saying.

            If you believe that I have several bridges you might want to invest in....

        2. Roo
          Windows

          Re: "We still don't know it actually occurred"?

          "That "17 intelligence agencies" nonsense is a complete myth and exposes YOU as the hack."

          Blimey someone rattled your cage pretty hard to drive you to make your second ever post to El Reg a personal attack and left-wing conspiracy theory job. Stick to the day job, leave the shilling to the pros.

  5. nematoad Silver badge
    Happy

    No need.

    "Maybe the meddlers wanted to undermine the credibility of elected President, "

    I don't think that he needs any help with that.

  6. Fehu

    Threat Evolution

    Compromising a server in another country in order to attack your intended target used to be common practice. Now, with thousands of trolls at the ready to simply say the IP of the attacker is meaningless, it's only necessary when your target has a proactive IT staff that has already blocked all your country's IP addresses.

  7. Crazy Operations Guy
    Joke

    "...and an endpoint exploitation kit called Scaramouche."

    Sure it can exploit remote endpoints, but can it do the Fandango?

    1. User McUser
      Coat

      Re: "...and an endpoint exploitation kit called Scaramouche."

      IDK about that but it *can* use Thunderbolt and Lightning ports, which is very very frightening.

      1. Paul Crawford Silver badge

        Re: "...and an endpoint exploitation kit called Scaramouche."

        Which is why the EU has invested so much in Galileo! Galileo!

      2. Crazy Operations Guy

        Re: "...and an endpoint exploitation kit called Scaramouche."

        Probably written by a poor boy, from a poor family... But, please, spare his life from this monstrosity.

  8. lnLog

    Pandering much?

    'APT 28 is variously known as Pawn Storm, Sofacy, Tsar Team, Strontium, Fancy Bear, and (now) Iron Twilight.'

    Why not use unflattering nicknames, rather than inflating egos? I recommend unpleasant diseases, which would come up when searching for them. You never know, it may piss them off enough to reveal more info.

  9. Anonymous Coward
    Big Brother

    The real story of the DNC emails

    Wouldn't the real story be the contents of the DNC emails, as in how they depict how politics is really carried out?

    The Top 100 Most Damaging WikiLeaks

  10. YARR
    Black Helicopters

    Truth over the lesser of two evils

    Part of the role of journalists is to critically analyse the facts rather than to just parrot information they are presented with. If you would only attack this report with the same gusto as if it were an Apple product.

    Acquiescence is silently condoning their claims which are encouraging a rift in international relations. Being critical makes you pro-truth not pro-Russian. The Russians (government not people) are equally guilty of deception, from evidently fake MH370 satellite photos to bloodless "assassinations" of ambassadors.

  11. Cook942

    Reminded of Rocky IV

    "APT 28 is variously known as Pawn Storm, Sofacy, Tsar Team, Strontium, Fancy Bear, and (now) Iron Twilight."

    I am strangely reminded of the scene in Rocky IV when the announcer is listing all of Apollo's names.
