"metadata show that the Russian operators apparently edited some documents, and in some cases created new documents" http://motherboard.vice.com/read/all...d-the-dnc-hack …
Hack as well as a disinformation operation....
Kremlin spox denies #Russia behind DNC email leak, says Moscow "at pains" to avoid interference in other's elections. Uh, not exactly true.
BUT WAIT...the so-called referendum in Crimea and the interference in the Ukrainian elections, so this is another one of the many Russian/Putin lies.....
Russia blasts allegations it hacked the DNC emails as made-up 'horror stories'
http://read.bi/2ae8ujs
I guess the "dishonest" media will just have to make up their own conclusions then
US intel community coming to conclusion that #Russia intel agencies behind hack of #DNC e-mails.
http://www.nytimes.com/2016/07/27/us...ef=europe&_r=0 …
AFTER all the work was done by private companies and social media specialists...now they say something......
Source of Peskov blanket denial of Russia hacking DNC or doing anything to interfere in US or anywhere
http://vigornews.ru/politika/39981_P...gih_stran.html … Don't buy it.
Based on the experience of Russian statements on Crimea and eastern Ukraine and now Syria..when Russia is adamant about something then the accusation is usually fully correct.....
Putin definitely waging cyber war
http://bit.ly/2anuLuK
and @realDonaldTrump asks them to do it more! Incredible
Russian troll attack targets US experts, government employees & intelligence service veterans
http://euromaidanpress.com/2016/07/2...ack-americans/ …
Putin's troll army now work for #Trump? At least I get severely trolled every time I mention #PutinTrump, #Russia.
http://nordic.businessinsider.com/ru...16-7?r=US&IR=T …
Russian info warfare hard at work now defending Trump...so busy protecting Trump they seem to have forgotten Ukraine and Syria .....nothing on that front since the Trump story broke....
The Kremlin (via TASS) rush to the defence of @realDonaldTrump after his "hack Hillary" gaffe https://twitter.com/tassagency_en/st...56532153217024 …
THIS is the key.....Russian trolls they take their lead from TASS and Interfax......
Kremlin spox denies #Russia hacked DNC; hours later, #Trump calls on Russia to release hacked e-mails. You can't make this stuff up.
This is just getting worse and Putin cannot keep up.......
Donald Trump’s Call for #Russia to Hack the U.S. Might Be a Felony
http://thebea.st/2ay2AsL
Russia rise to cyberwar superpower
http://bit.ly/2ae5fFq via @dailydot
Russian internet trolls were being hired to pose as pro-Trump Americans -
http://pllqt.it/0hNAl7
By November, Russian hackers could target voting machines
http://wapo.st/2a5exE3
If you're following #DNCleak, this from @AdrianChen is essential to understanding Russian state information warfare: http://www.newyorker.com/news/news-d...social_twitter …
Everyone who somehow keeps track of Russian media has noticed that the propaganda has been justifying everything...
http://fb.me/82eX7BBqZ
US #intelligence chief says #Russia behind #DNC hack in bid to influence elections
http://uatoday.tv/politics/us-intell...ns-706241.html …
Inside the Red #Web: #Russia's back door onto the #internet – extract:
http://gu.com/p/4c3qm/stw
What spawned #Russia's '#troll #army'? Experts on the red web share their views:
http://gu.com/p/4c6mn/stw
Russian radio with innuendo name promotes Russian politics in Finland.
https://twitter.com/AndriiOlefirov/s...34298757963776 …
FBI investigates new case of suspected Russian hacking, on Democrat congressional group:
http://www.reuters.com/article/us-us...-idUSKCN1082Y7 …
Same exact two Russian security services hard at work.....FSB and SVR......
Russian hackers are believed to have accessed the accounts of more than 100 Democratic groups and officials http://mobile.nytimes.com/2016/08/11...berattack.html …
This is big: DCLeaks is almost certainly a Russian gov't influence op, linked to Guccifer 2 & more @ThreatConnect
https://www.threatconnect.com/does-a...-in-the-woods/
August 12, 2016
Does a BEAR Leak in the Woods?
in Blog, Featured Article, Research by ThreatConnect Research Team
For those that work in the realm of IT security...read this article as well as anything else they have published concerning the DNC hack.....Quote:
ThreatConnect Identifies DCLeaks As Another Russian-backed Influence Outlet
Read the full series of ThreatConnect posts following the DNC Breach: “Rebooting Watergate: Tapping into the Democratic National Committee”, “Shiny Object? Guccifer 2.0 and the DNC Breach”, “What’s in a Name Server?”, “Guccifer 2.0: the Man, the Myth, the Legend?”, “Guccifer 2.0: All Roads Lead to Russia”, and “FANCY BEAR Has an (IT) Itch that They Can’t Scratch”.
Over the last month and a half, ThreatConnect has authored a number of blog posts pulling at strands of a nebulous Russian spiderweb of malicious infrastructure – one data point at a time. Along the way, we’ve built off of the work other researchers have done and have engaged with a handful of journalists who are eager to get to the bottom of the story. We assess the Guccifer 2.0 persona that surfaced after the DNC breach was announced in June is a Russian creation to maximize the impact of strategic leaks.
But it looks like we missed something called DCLeaks, another outlet for leaked material. We believe DCLeaks is another Russian-backed influence outlet based on the following:
Guccifer 2.0’s use of DCLeaks to share purloined emails from a Hillary Clinton campaign staffer with journalists
DCLeaks hosting a portfolio of leaked emails belonging to Billy Rinehart Jr. — a former development manager at the United Nations Foundation and regional field director for the DNC — whose email account was breached in the same manner as a known FANCY BEAR attack method
DCLeaks’ registration and hosting information aligns with other FANCY BEAR activities and known tactics, techniques, and procedures
For more on this, see today’s article from The Smoking Gun detailing DC Leaks.
DCLeaks Background
DCLeaks was established in mid-2016 and initially garnered some publicity for releasing a series of emails from retired Air Force General Philip Breedlove, who in his last position was the commander of U.S. European Command and NATO forces. In this role as the most senior U.S. military official responsible for Russia, General Breedlove advocated for a more muscular response to Russian aggression in Ukraine and the leaked emails detail internal lobbying pertaining to the Obama Administration’s policy.
The About page for DCLeaks claims “the American hacktivists” initiated the “new level project”:
DCLeaks is a new level project aimed to analyze and publish a large amount of emails from top-ranking officials and their influence agents all over the world. The project was launched by the American hacktivists who respect and appreciate freedom of speech, human rights and government of the people. We believe that our politicians have forgotten that in a democracy the people are the highest form of political authority so our citizens have the right to participate in governing our nation.
The website has grouped its leaks into portfolios that include General Breedlove, Bill and Hillary Clinton, the Republican party, George Soros, and William “Billy” Rinehart, among others. Each of these portfolios has a description of the individual or organization, but most of the language that DCLeaks uses is either borrowed from Wikipedia or very simplistic in nature. This limits our ability to use language on the site to support an attribution assessment in a meaningful way.
Guccifer 2.0: Using DCLeaks, but Quietly
On June 27, 2016, The Smoking Gun (TSG) received a series of emails from Guccifer 2.0 (guccifer20@aol[.]fr) with the subject “leaked emails”. Most of the messages were sent from the Russia-based Elite VPN IP address 95.130.15[.]34 (located in France) as previously highlighted in our blog post. Some of the emails were sent from another probable Elite VPN IP address 208.76.52[.]163 (Miami, FL). The messages were not spoofed as they passed Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) checks.
Within the message thread the Guccifer 2.0 persona offered exclusive access to private Clinton campaign emails.
Continued......
This is the world of my company and I deal with this on a daily basis for my customers....
Those that do not quite yet want to believe that the Russians, Chinese, and Iranians are not good at this and/or MAYBE it was not a Russian cyber war op directed clearly at the US...seriously need to rethink their views.
It is about time to wake up and smell the coffee as the Russians are really, really good.
Just a side comment.....all it takes is a single infected computer out of say a 25,000 end user network and I can control your entire network. One single wrong click by an end user on a phishing email and it is over.
Now envision the coming Internet of Things (IOT) ...I have seen a massive bot network built on the backs of internet savvy refrigerators....
Also important: the detailed backstory of how @tsgnews received the login for DCLeaks from Guccifer & follow-up http://www.thesmokinggun.com/documen...hackers-638295 …
It gets better (& more confusing): @tsgnews claim Russian hackers also breached major Republican figures & orgs
Thomas Rid @RidT · Aug 2 City of London, London
"MOONLIGHT MAZE. Anatomy of an Attack" Anatomy Lecture Theatre, 29 Sept
http://bit.ly/ridt-MM
< with vintage items
Important new revelations on how GRU + FSB hackers e-pillaged much more than DNC, even SACEUR. Big CI story here.
Russian Hackers of DNC Said to Nab Secrets From NATO, Soros
http://www.bloomberg.com/news/articl...rom-nato-soros
(((CatherineFitz))) @catfitz
"Made a great noise" is a Russianism, i.e. how Russians would say something in Eng similar to RU
http://www.motherjones.com/politics/...ited-questions …
Also "go this way"
"Guccifer 2.0" in message to @WSJ “I won’t disclose my whereabouts for the safety reasons."
http://on.wsj.com/2aOc94O
Guccifer releases more hacked info.....Hacker posts cell phone numbers of congressional Democrats
Hacker reveals personal info for 193 Democrats. Hoyer, reached on cell posted on site, says breach is alarming.
Guccifer 2.0 Twitter account has been suspended. That's the account alleging to have breached The Democratic Party's computer networks.
Russian state hackers release small number of GOP emails to show 'no bias'. Mostly from Lindsey Graham (200% anti-Putin-Assad Senator)
Appears that the second email data dump of the AKP emails by WikiLeaks contained an unusual amount of malware...
https://github.com/bontchev/wlscrape...ter/malware.md
Malware hosted by Wikileaks
The following table contains the confirmed malware residing on the Wikileaks site. The list is by no means exhaustive; I am just starting with the analysis. But what is listed below is definitely malware; no doubts about it.
Quote:
The first column contains a link to the e-mail on the Wikileaks site that contains the malicious attachment. The e-mail itself is safe to view (although the text is usually spam/scam/phish/whatever).
The second column contains the URL on the Wikileaks site where the malicious attachment to this e-mail message resides. Since this is a direct link (i.e., clicking it would result in the malware being directly downloaded to your PC), I have obfuscated the link by replacing "https" with "hxxxx" and putting square brackets around the dot in ".org", in order to make the link non-clickable. If you desire to download the malware and check for yourself that it is, indeed, malware, you can trivially deobfuscate the link - just, please, do be careful.
The third column contains links leading to a VirusTotal page, showing how the different scanners are reporting the malware. Those are safe to click.
Kudos to Hasherezade for making her tool VTScan for batch querying VirusTotal publicly available.
Wikileaks e-mail | Wikileaks URL to the malicious attachment | VirusTotal analysis
36138 | hxxxx://wikileaks[.]org/akp-emails/fileid/36138/20098 | F36CB35F410AB65958A6CCA846737A9C
Continued as the list is long.....
Apparently the hacker was not that well versed in not pulling the junk mail account or simply in a hurry OR Wikileaks was well aware of the malware and wanted to spread them.......
Mysterious entity claims it hacked Equation Group (likely NSA), dumps files, goes into rant. Potentially interesting
https://twitter.com/shadowbrokerss
Significant if true: Wikipedia referencing Kaspersky ties this APT group to the NSA/USG
https://twitter.com/pwnallthethings/...60042790281216 …