Wikileaks, Hackers, Russia and the US Election
Opinion: Wikileaks has lost my respect, as they backing Julian Assange's revenge attack on the USA. Not that I favour either candidate. Opinion: I have to think this was Julian Assange's plan all along? http://www.9news.com.au/world/2016/11/07/07/59/hillary-clinton-emails-no-cha... The FBI's review of new emails did not uncover any wrongdoing by Democratic presidential nominee Hillary Clinton and the bureau has not changed its July recommendation not to charge her, Director James Comey has said. More... Julian Assange's Most Incendiary Interview: "Hillary Clinton Is The Central Cog Of The Establishment" | Zero Hedge http://www.zerohedge.com/news/2016-11-05/julian-assanges-most-incendiary-int... Opinion: It seems his plan is just to destabilise USA politics full stop. More... http://www.abc.net.au/lateline/content/2016/s4570745.htm EMMA ALBERICI: So just back to the FBI, it says it hasn't found anything, obviously, that troubles them in particular. But a number of Hillary Clinton's email had been leaked through Wikileaks and we hear most recently suggestions that Chelsea Clinton's $3 million wedding was paid for at least in part from the Clinton charitable foundation, presumably revelations like that will hurt as well? KIM BEAZLEY: White noise really now in that part of the debate. I think one of the countervailing effects of the leaks as a source, it is quite clear, according to the heads of all 17 American intelligence agencies, that this is a product of penetration of the system by a Russian hackers and then distributed, probably with the Kremlin support. And Americans do not like being manipulated by foreigners, and particularly Russians. So that at least has had some degree of an offset, so when people come out with statements about Chelsea's wedding or whatever, then they say, well, do you want to dance for the Russians? That is the sort of countervailing pressure on that. But talking about unprecedented things, the unprecedented presidential element of the campaign, and the unprecedented involvement of Russia in domestic American politics. EMMA ALBERICI: Over the weekend you said that Wikileaks was leaking on behalf of Putin. Did you mean they were somehow in cahoots? KIM BEAZLEY: Well, I think the materials were placed in their hands clearly by a leak from the Russians. The decision as to how to deploy it would have been calculated by them too. Contrary to the claims of what they are about as whistle blowing and, and, and transparency, these haven't been dumped, you know, one could believe that if the day they received, they dumped it, which is what they normally do. Instead it has been parcelled out tactically. And in the parcelling out of it tactically is what lends voracity to that claim. Opinion: Yes I have seen Wikileaks media report from this morning, and I’m still not convinced.
Quoting David Turk (davemarkturk@me.com):
Opinion: Wikileaks has lost my respect, as they backing Julian Assange's revenge attack on the USA. Not that I favour either candidate.
Just a side-comment: The Russian criminal elements who've been mass-gathering e-mails from various places (elements alleged to have state backing) haven't actually been doing any frightfully elaborate and impressive computer break-ins. According to all reports I've seen, they've just been doing the same low-grade taking advantage of desktop-user stupidity that is the stock in trade of malware/spammer people. For example, large numbers of e-mails relevant to the Hillary Clinton campaign were sucked down from Clinton Campaign head John Podesta -- but not in any clever or surprising fashion _at all_. Instead, it turns out that Podesta was relying on GMail(!), and got suckered into clicking on a phishing link that gave his GMail access credentials to the computer criminals. I mention this because many people think the recent blow-ups resulted from a Putin state-intelligence plot to break into major USA political institutions' sensitive computer networks. The truth appears to be rather less dramatic and rather more pathetic.
I wrote:
Just a side-comment: The Russian criminal elements who've been mass-gathering e-mails from various places (elements alleged to have state backing) haven't actually been doing any frightfully elaborate and impressive computer break-ins. According to all reports I've seen, they've just been doing the same low-grade taking advantage of desktop-user stupidity that is the stock in trade of malware/spammer people.
Or maybe not. This just in: In an episode reminiscent of Watergate, the Democratic Party recently informed the FBI that it had collected evidence suggesting its Washington headquarters had been bugged, according to two Democratic National Committee officials who asked not to be named. [...] The second sweep, according to the Democratic officials, found a radio signal near the chairman's office that indicated there might be a listening device outside the office. "We were told that this was something that could pick up calls from cellphones," a DNC official says. "The guys who did the sweep said it was a strong indication." No device was recovered. No possible culprits were identified. The DNC sent a report with the technical details to the FBI, according to the DNC officials. "We believe it's been given by the bureau to another agency with three letters to examine," the DNC official says. "We're not supposed to talk about it." [...] http://www.motherjones.com/politics/2016/11/dnc-told-fbi-it-may-have-been-bu...
On Tuesday, 8 November 2016 6:34:27 PM AEDT Rick Moen via luv-talk wrote:
For example, large numbers of e-mails relevant to the Hillary Clinton campaign were sucked down from Clinton Campaign head John Podesta -- but not in any clever or surprising fashion _at all_. Instead, it turns out that Podesta was relying on GMail(!), and got suckered into clicking on a phishing link that gave his GMail access credentials to the computer criminals.
I mention this because many people think the recent blow-ups resulted from a Putin state-intelligence plot to break into major USA political institutions' sensitive computer networks. The truth appears to be rather less dramatic and rather more pathetic.
Why do you think that an attack on low hanging fruit can't be state sponsored? Like any other attacker they will use the quickest and easiest ways to achieve their goals. The fact that an unsophisticated attack could be performed by many people and organisations and makes the origin more difficult to determine could be convenient for them. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/
Rick Moen via luv-talk <luv-talk@luv.asn.au> wrote:
For example, large numbers of e-mails relevant to the Hillary Clinton campaign were sucked down from Clinton Campaign head John Podesta -- but not in any clever or surprising fashion _at all_. Instead, it turns out that Podesta was relying on GMail(!), and got suckered into clicking on a phishing link that gave his GMail access credentials to the computer criminals.
The end user (and the end user's system) indeed constitute the most likely focus of attack, for this is where the greatest vulnerabilities lie. I would expect U.S. government systems and networks, especially those which carry classified information, to be well protected against sophisticated adversaries, especially state actors. It's the same expertise that brought us SELinux, an undeniably powerful security infrastructure in the hands of administrators who know how to deploy it.
On 09/11/16 13:34, Rick Moen via luv-talk wrote:
Quoting David Turk (davemarkturk@me.com): I mention this because many people think the recent blow-ups resulted from a Putin state-intelligence plot to break into major USA political institutions' sensitive computer networks. The truth appears to be rather less dramatic and rather more pathetic.
Yes, it is often the simple things that get exploited, not the complex "hacks"... If it is true that having just 10,000 passwords will give you 1/3 of ALL Internet accounts, then it is surprising that even more breaches haven't occurred as humans cannot create secure passwords (typically). I'm pretty sure that Mark Burnett's collection of passwords and his understanding of their use from his "hobby" interests in this manner, well, I think he can speak for himself. [1]. Besides all of that. Emails are simple just textual object (which may become files or part of a file store of emails) that, if not protected, can be changed to say ANYTHING. Protecting them involves something like GPG signing, anything else and it is fully open to be completely re-written by anyone .... Cheers AndrewM [1] https://xato.net/10-000-top-passwords-6d6380716fe0#.urf74sh58
Andrew McGlashan via luv-talk <luv-talk@luv.asn.au> wrote:
Besides all of that. Emails are simple just textual object (which may become files or part of a file store of emails) that, if not protected, can be changed to say ANYTHING. Protecting them involves something like GPG signing, anything else and it is fully open to be completely re-written by anyone ....
Also, a mailbox on a server populated by encrypted messages (where a public-key infrastructure is used on the client side to handle the cryptography) is far less valuable to attackers. True, the headers can reveal very useful information for traffic analysis, but at least the contents remain confidential so long as the private keys remain protected.
participants (5)
-
Andrew McGlashan -
David Turk -
Jason White -
Rick Moen -
Russell Coker