Tuesday, January 3, 2017

Intelligence Agency "The Russians Hacked The Election" report is incredibly weak

Man, it seems like the report is really weak:
Sadly, the JAR, as the Joint Analysis Report is called, does little to end the debate. Instead of providing smoking guns that the Russian government was behind specific hacks, it largely restates previous private-sector claims without providing any support for their validity. Even worse, it provides an effective bait and switch by promising newly declassified intelligence into Russian hackers' "tradecraft and techniques" and instead delivering generic methods carried out by just about all state-sponsored hacking groups.
"This ultimately seems like a very rushed report put together by multiple teams working different data sets and motivations," Robert M. Lee, CEO and Founder of the security company Dragos, wrote in a critique published Friday. "It is my opinion and speculation that there were some really good government analysts and operators contributing to this data and then report reviews, leadership approval processes, and sanitation processes stripped out most of the value and left behind a very confusing report trying to cover too much while saying too little."
It's larded with basic n00b errors:
The sloppiness, Lee noted, included the report's conflation of Russian hacking groups APT28 and APT29—also known as CozyBear, Sandworm, Sednit, and Sofacy, among others—with malware names such as BlackEnergy and Havex, and even hacking capabilities such as "Powershell Backdoor." The mix up of such basic classifications does little to inspire confidence that the report was carefully or methodically prepared. And that only sows more reasons for President elect Donald Trump and his supporters to cast doubt on the intelligence community's analysis on a matter that, if true, poses a major national security threat.
It also doesn't discuss that while there are many linkages between these groups and the Russian government, the links are loose.
As Errata Security CEO Rob Graham pointed out in a blog post, one of the signatures detects the presence of "PAS TOOL WEB KIT," a tool that's widely used by literally hundreds, and possibly thousands, of hackers in Russia and Ukraine, most of whom are otherwise unaffiliated and have no connection to the Russian government.
All in all, this does not seem at all convincing.  It's not clear what exactly was hacked, it's very unclear who was behind the hack(s), and it is murky indeed whether this was state sponsored or just run of the mill Black Hat activity.

What IS interesting is that the Intelligence community would issue such Security Kabuki.  Your speculation is as good as mine on the motivations of those involved.


matism said...

The motivations of those involved are totally transparent. The "Intelligence" community has no more use for the US as a sovereign independent nation than do the State Department or the Democrats or the Rove Republicans. They are ALL on the side of the globalists with their One World Government utopia. As a result, they will do everything they can to delegitimize the Trump Administration and stop him from upsetting their apple cart. Laws and Constitution be damned. Because, after all, it is for the Greater Good!

STxAR said...

As long as the supposed actors are the story, the facts released in the emails won't be. Why don't the media ask the guy who leaked the emails where he got them from? That would be too much "journalism" I guess, not enough "making the world better."

SiGraybeard said...

FWIW, I would modify Matism's comment slightly. I don't think the intel agencies have any "high mindedness" to their actions, like furthering a "One World Government" agenda. I think it's simply fear that their uselessness will be noticed and in a budget-cutting administration they might lose their cozy little empires. We can only hope this turns out to be a budget cutting administration.

The motivation is self-preservation, or preservation of their little corner of the world, not some big objective.