Home » Posts tagged 'GREGORY ELICH'

Tag Archives: GREGORY ELICH

Olduvai
Click on image to purchase

Olduvai III: Catacylsm
Click on image to purchase

Post categories

Post Archives by Category

The WannaCry Cyberattack: What the Evidence Says and Why the Trump Administration Blames North Korea

The WannaCry Cyberattack: What the Evidence Says and Why the Trump Administration Blames North Korea  

Photo by Blogtrepreneur | CC BY 2.0

On December 19, in a Wall Street Journal editorial that drew much attention, Homeland Security Advisor Tom Bossert asserted that North Korea was “directly responsible” for the WannaCry cyberattack that struck more than 300,000 computers worldwide. The virus encrypted files on infected computers and demanded payment in return for supposedly providing a decryption key to allow users to regain access to locked files. Bossert charged that North Korea was “using cyberattacks to fund its reckless behavior and cause disruption across the world.” [1]

At a press conference on the same day, Bossert announced that the attribution was made “with evidence,” and that WannaCry “was directed by the government of North Korea,” and carried out by “actors on their behalf, intermediaries.” [i] The evidence that led to the U.S. to that conclusion? Bossert was not saying, perhaps recalling the ridicule that greeted the FBI and Department of Homeland Security’s misbegotten report on the hacking of the Democratic National Committee.

[i] “Press Briefing on the Attribution of the WannaCry Malware Attack to North Korea,” Whitehouse.gov, December 19, 2017.

The centerpiece of the claim of North Korean culpability is the similarity in code between the Contopee malware, which opens backdoor access to an infected computer, and code in an early variant of WannaCry. [3]

Contopee has been linked to the Lazarus group, a cybercrime organization that some believe launched the Sony hack, based on the software tools used in that attack. Since North Korea is widely considered to be behind the cyberattack on Sony, at first glance that would appear to seal the argument.

…click on the above link to read the rest of the article…

Did the Russians Really Hack the DNC?

Did the Russians Really Hack the DNC?

Russia, we are told, breached the servers of the Democratic National Committee (DNC), swiped emails and other documents, and released them to the public, to alter the outcome of the U.S. presidential election.

How substantial is the evidence backing these assertions?

Hired by the Democratic National Committee to investigate unusual network activity, the security firm Crowdstrike discovered two separate intrusions on DNC servers. Crowdstrike named the two intruders Cozy Bear and Fancy Bear, in an allusion to what it felt were Russian sources. According to Crowdstrike, “Their tradecraft is superb, operational security second to none,” and “both groups were constantly going back into the environment” to change code and methods and switch command and control channels.

On what basis did Crowdstrike attribute these breaches to Russian intelligence services? The security firm claims that the techniques used were similar to those deployed in past security hacking operations that have been attributed to the same actors, while the profile of previous victims “closely mirrors the strategic interests of the Russian government. Furthermore, it appeared that the intruders were unaware of each other’s presence in the DNC system. “While you would virtually never see Western intelligence agencies going after the same target without de-confliction for fear of compromising each other’s operations,” Crowdstrike reports, “in Russia this is not an uncommon scenario.” [1]

Those may be indicators of Russian government culpability. But then again, perhaps not. Regarding the point about separate intruders, each operating independently of the other, that would seem to more likely indicate that the sources have nothing in common.

…click on the above link to read the rest of the article…

Did the Russians Really Hack the DNC?

Did the Russians Really Hack the DNC?

Photo by Cliff | CC BY 2.0Photo by Cliff | CC BY 2.0

Russia, we are told, breached the servers of the Democratic National Committee (DNC), swiped emails and other documents, and released them to the public, to alter the outcome of the U.S. presidential election.

How substantial is the evidence backing these assertions?

Hired by the Democratic National Committee to investigate unusual network activity, the security firm Crowdstrike discovered two separate intrusions on DNC servers. Crowdstrike named the two intruders Cozy Bear and Fancy Bear, in an allusion to what it felt were Russian sources. According to Crowdstrike, “Their tradecraft is superb, operational security second to none,” and “both groups were constantly going back into the environment” to change code and methods and switch command and control channels.

On what basis did Crowdstrike attribute these breaches to Russian intelligence services? The security firm claims that the techniques used were similar to those deployed in past security hacking operations that have been attributed to the same actors, while the profile of previous victims “closely mirrors the strategic interests of the Russian government.  Furthermore, it appeared that the intruders were unaware of each other’s presence in the DNC system. “While you would virtually never see Western intelligence agencies going after the same target without de-confliction for fear of compromising each other’s operations,” Crowdstrike reports, “in Russia this is not an uncommon scenario.” [1]

Those may be indicators of Russian government culpability. But then again, perhaps not. Regarding the point about separate intruders, each operating independently of the other, that would seem to more likely indicate that the sources have nothing in common.

…click on the above link to read the rest of the article…

Olduvai IV: Courage
Click on image to read excerpts

Olduvai II: Exodus
Click on image to purchase

Click on image to purchase @ FriesenPress