New False Claims Of "Russian Hacks" = Old Ukrainian Malware Found
31
December, 2016
All
recent claims of "Russian hacking" are either outright
false or are based on "evidence" that only shows
run-of-the-mill attacks by some anonymous basement hacker.
The
year 2016 saw the person elected U.S. president who Jeff Bezos'
propaganda rag, the Washington Post, hated most. To celebrate the end
of this very bad year its writers and editors decided to put more egg
on their faces.
It
first published the piece promoted on
the left and
some three hours later the fundamentally "corrected" one on
the right.
The
claim in the first piece, based on anonymous "officials",
was that Russia hacked into the U.S. electricity grid through a
utility company in Vermont. But then the utility companies in
question, Burlington Electric, issued a statement that
a recent scan of its IT systems had found only one laptop with some
malware and that the laptop in questions was not connected to its
networks at all. There was nothing found on any net-connected system.
It had reported the find to the federal U.S. government. (Some very
shortsighted "officials" immediately abused the
confidential company information to miss-inform the Washington Post.)
The utility company found the malware by scanning for a malware
signature published in a lame recent assessment by Homeland Security
and the FBI.
Dubious
claims of foreign hacking of the electricity grid have already been
made in
2009.
Its an old trick of the Obama administration to achieve some
political aims.
The
Washington Post was obviously so eager to publish another of its
daily "Russian hacking" fakes that it did not even ask the
two Vermont utilities in question before pushing the stenographed
piece out of the door.
That
may well have been because the lead editorial of that day was warning
of Putin hacking the U.S. electricity network and (again) hitting at
Trump:
For any American leader, an attempt to subvert U.S. democracy ought to be unforgivable — even if he is the intended beneficiary. Some years ago, then-Defense Secretary Leon Panetta warned of a “cyber-Pearl Harbor,” and the fear at the time was of a cyberattack collapsing electric grids or crashing financial markets. Now we have a real cyber-Pearl Harbor, though not one that was anticipated.
Pearl
Harbor was followed by the U.S. entry into a world war. Do the
editors want to repeat that when alluding to it?
The
editorial also pushed a bunch of wholly invented conspiracy theories:
Why is Mr. Trump so dismissive of Russia’s dangerous behavior? Some say it is his lack of experience in foreign policy, or an oft-stated admiration for strongmen, or naivete about Russian intentions. But darker suspicions persist. Mr. Trump has steadfastly refused to be transparent about his multibillion-dollar business empire. Are there loans or deals with Russian businesses or the state that were concealed during the campaign? Are there hidden communications with Mr. Putin or his representatives? We would be thrilled to see all the doubts dispelled, but Mr. Trump’s odd behavior in the face of a clear threat from Russia, matched by Mr. Putin’s evident enthusiasm for the president-elect, cannot be easily explained.
During
the election campaign WaPo was the news paper with the most
anti-Trump screeds on its neoconned editorial page. That actually
helped Trump by making him the obvious anti-Neocon candidate. But
"Pearl Harbor" comparisons and "darker suspicions"
beat even the most stupid earlier pieces on him.
I
suspect that the pushing of the Vermont hack was also an attempted
hit against Bernie Sanders, the Senator from Vermont who was scammed
out of the Democratic candidacy by the Clinton aligned Democratic
National Council. He would now either have to jump on the "Russian
hacking->bad Putin->bad-Trump" train or could be blamed of
pro-Russian, pro-Putin and pro-Trump tendencies. All such tendencies
are of course bad in the view of the pseudo-liberal Washington
establishment which is busy promoting the New
Red Scare.
But
back to that malware. DHS and FBI had published a "report"
(pdf) which again attempted to blame Russia of hacking the Democratic
National Council while again providing zero actual evidence of such a
hack (hint: there is none). The 13 pages include 2 with amateur
graphics of a trivial hack architecture and 7 with amateur advice on
how to protect a network. Of interest in it were samples and
checksums of moduls of the hacking software it attributed to Russia
and a list of IP addresses through which it claims the DNC hack was
made. Of special interest is also what it
does not say.
Several well
known IT security experts have said earlier, like
me,
that such "reports" and claims are bullshit. A few more add
to that:
Any antivirus company doing any amount of threat intelligence would be able to come up with more solid indicators than FBI released.
John
McAfee (now
often nutty but right in this):
If it looks like the Russians did it I can guarantee you it wasn't the Russians.
My money's on this all turns out to be commodity malware and not even APT28/APT29 and everyone jumping on the bandwagon will look v silly
All,
and especially Matt Tait, are right.
Wordfence,
also a reputed IT security company, took a
detailed look at the samples and tablesin
the new DHS/FBI "report" and concludes:
The IP addresses that DHS provided may have been used for an attack by a state actor like Russia. But they don’t appear to provide any association with Russia. They are probably used by a wide range of other malicious actors, especially the 15% of IP addresses that are Tor exit nodes.
The malware sample is old, widely used and appears to be Ukrainian. It has no apparent relationship with Russian intelligence and it would be an indicator of compromise for any website.
There
is your "Russian hack" the DHS and FBI claim hit the DNC
servers and WaPo falsely claimed hit the U.S. electricity grid. A
run-of-the-mill hack through freely available servers with old
Ukrainian malware just like the hundred-thousand others that happen
each day.
(Putin
is now likely to accept the "Russian Hack" claim if the
U.S. corrects the record by helping Russia to annex the source
country of the identified malware. "If you give me Ukraine we
will also call it 'the Russian hack'. We will even take
responsibility!")
But
if you, like me, believe the word of former British ambassador Craig
Murray who works with Wikileaks, there was no hack at all. The DNC
data came via
an insider who
had direct access to them. They were handed to Craig for publishing
by Wikileaks.
The
whole bogus "Russian hacking" and "Putin did it"
claims are issued to lock the coming President Trump into an
anti-Russian position. Peace with Russia means less plausible
"imminent threat" claims and thereby lower budgets and
management prestige for the defense and cybersecurity industry and
government organizations. That again would mean lower advertisement
income for the Washington Post and less money for its staff, editors
and owner.
These
people would rather have Word War III than to endure that.
From RT
No comments:
Post a Comment
Note: only a member of this blog may post a comment.