• update

    The text box issue is fixed. You can now post just a title in replies again. Thank you Manny! Working on the rest. Thank you for your patience.

Home JackpineRadical Rooms JPR Reading Room U.S. Intelligence Got the Wrong Cyber Bear

  • Purveyor (2633 posts)
    Profile photo of Purveyor Donor

    U.S. Intelligence Got the Wrong Cyber Bear

    JAN 2, 2017 11:58 AM EST
    ByLeonid Bershidsky

    The “Russian hacking” story in the U.S. has gone too far. That it’s not based on any solid public evidence, and that reports of it are often so overblown as to miss the mark, is only a problem to those who worry about disinformation campaigns, propaganda and journalistic standards — a small segment of the general public. But the recent U.S. government report that purports to substantiate technical details of recent hacks by Russian intelligence is off the mark and has the potential to do real damage to far more people and organizations.

    The joint report by the Department of Homeland Security and the Federal Bureau of Investigation has a catchy name for “Russian malicious cyber activity” — Grizzly Steppe — and creates infinite opportunities for false flag operations that the U.S. government all but promises to attribute to Russia.

    The report’s goal is not to provide evidence of, say, Russian tampering with the U.S. presidential election, but ostensibly to enable U.S. organizations to detect Russian cyber-intelligence efforts and report incidents related to it to the U.S. government. It’s supposed to tell network administrators what to look for. To that end, the report contains a specific YARA rule — a bit of code used for identifying a malware sample. The rule identifies software called the PAS Tool PHP Web Kit. Some inquisitive security researchers have googled the kit and found it easy to download from the profexer.name website. It was no longer available on Monday, but researchers at Feejit, the developer of WordPress security plugin Wordfence, took some screenshots of the site, which proudly declared the product was made in Ukraine.

    That, of course, isn’t necessarily to be believed — anyone can be from anywhere on the internet. The apparent developer of the malware is active on a Russian-language hacking forum under the nickname Profexer. He has advertised PAS, a free program, and thanked donors who have contributed anywhere from a few dollars to a few hundred. The program is a so-called web shell — something a hacker will install on an infiltrated server to make file stealing and further hacking look legit. There are plenty of these in existence, and PAS is pretty common — “used by hundreds if not thousands of hackers, mostly associated with Russia, but also throughout the rest of the world (judging by hacker forum posts),” Robert Graham of Errata Security wrote in a blog postlast week.

    MORE…

    https://www.bloomberg.com/view/articles/2017-01-02/u-s-intelligence-got-the-wrong-cyber-bear

    dreamnightwind, leveymg, Mom Cat and 5 otherscanoeist52, 7wo7rees, djean111, Downwinder, like this

You must be logged in to reply to this topic.

  • leveymg (2713 posts)
    Profile photo of leveymg

    1. Exactly. There is no clear chain of custody. No way to prove

    who did what and what was done with it after that.  Exactly what Hillary and her lawyers counted on.