[Dailydave] "When you shoot at the king, you best not miss."

spacerog at spacerogue.net spacerog at spacerogue.net
Thu Jun 16 12:08:56 EDT 2016


Is there any public evidence to support the claim that Guccifer 2.0 is a 
Russian disinformation campaign? Crowdstrike is claiming they have 
additional info they haven't released but in my book that is just as 
good as a New York Times anonymous source.

The complexity of pulling off such a campaign and not getting caught 
doing it would suggest they have the skills to not let their hacking get 
caught in the first place. In my opinion, as you pointed out, the risk 
of trying such a disinformation campaign and getting caught doing it far 
outweighs any potential political gains.

Of course if you take into account the recent Russian claims that US 
hacking attacks don't get the same coverage in the media as Russian 
attacks, who are (currently) being blamed for almost everything, then 
this may play well into that narrative.

Who knows.

- SR


dave aitel wrote:
> So I want to point out some things about this really weird DNC Hack. The
> only example I can think of where a nation-state hacked someone and then
> released the documents under a cover-account is North Korea and Sony
> Pictures Entertainment. I can see examples of other smaller services
> (Iran, etc.) doing this as well. North Korea, to be fair, doesn't have a
> lot to lose, so acting like this can make sense and probably showed some
> teeth at an important time.
> But Russia is a whole different kind of service! They have important
> connections to the United States, and having the first thing Hillary
> thinks if she wins the Presidency be "Let's get back at Russia for
> trying to take my campaign out" seems like a cost-benefit equation that
> would preclude this kind of action.
>
> Are there other examples of Russian intelligence doing this sort of
> thing? Is this a change from the norm? Surely this isn't what Russia
> wants the new norm to be, right?
>
> -dave
>
>
>     Conversation <https://twitter.com/thegrugq/timelines/743231527639621632>
>
>  1.
>     *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 18 hours ago
>     <https://twitter.com/pwnallthethings/status/743179750064037888>
>
>     Now THIS is a really interesting development in #*DncHack*
>     <https://twitter.com/hashtag/DncHack?src=hash>: @*Gawker*
>     <https://twitter.com/Gawker> has & is publishing the DNC's Trump
>     oppo research
>
>  2.
>     *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 18 hours ago
>     <https://twitter.com/pwnallthethings/status/743180111038472192>
>
>     This is a big development, because it means whoever did #*DncHack*
>     <https://twitter.com/hashtag/DncHack?src=hash> to get Trump oppo
>     file was doing it (bear with me) in *support* of Trump.
>
>  3.
>     *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 18 hours ago
>     <https://twitter.com/pwnallthethings/status/743180624731717636>
>
>     How does this help Trump, you ask? It's a full dump. Trump gets lots
>     of bad news today, but DNC loses ability to use contents strategically.
>
>  4.
>     *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 18 hours ago
>     <https://twitter.com/pwnallthethings/status/743183682530324480>
>
>     A few observations about this op 1) Another data point in Russian
>     SIGINT strategically leaking stolen data to push a particular narrative.
>
>  5.
>     *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 18 hours ago
>     <https://twitter.com/pwnallthethings/status/743184280008916992>
>
>     2) This para. V. bad for DNC if those are classification markings
>     (but could be campaign "doc is sensitive" bluster)
>
>  6.
>     *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 18 hours ago
>     <https://twitter.com/pwnallthethings/status/743184776547340288>
>
>     3) Gosh, I wonder what outlet Russian intelligence is going to use
>     to launder these stolen documents.
>
>  7.
>     *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 18 hours ago
>     <https://twitter.com/pwnallthethings/status/743184953546924033>
>
>     4) If you want to peruse the Trump oppo research directly, here's
>     the PDF: https://assets.documentcloud.org/documents/2861555/1.pdf…
>     <https://t.co/D6qUsqIoDN>
>
>  8.
>     *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 17 hours ago
>     <https://twitter.com/pwnallthethings/status/743191210718797824>
>
>     5) Site apparently set up by the group that hacked DNC
>     https://guccifer2.wordpress.com/<https://t.co/AqXxuUwzS0>
>
>  9.
>     *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 17 hours ago
>     <https://twitter.com/pwnallthethings/status/743191996437770241>
>
>     6) This is all of the text from the hacker's post, in case website
>     gets taken down. Check out the broken English.
>
> 10.
>     *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 17 hours ago
>     <https://twitter.com/pwnallthethings/status/743194146752565248>
>
>     7) Uh oh. This is an unfortunate document for Russia to have stolen from
>     under the noses of the DNC.
>
> 11.
>     *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 17 hours ago
>     <https://twitter.com/pwnallthethings/status/743197064843104257>
>
>     8) Lol. Russian #*opsec*
>     <https://twitter.com/hashtag/opsec?src=hash> fail.
>
> 12.
>     *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 17 hours ago
>     <https://twitter.com/pwnallthethings/status/743199185596465152>
>
>     9) Better #*opsec* <https://twitter.com/hashtag/opsec?src=hash> in
>     the "NatSec & Foreign Policy" doc. Attackers using VMs to open some
>     (but clearly not all) docs
>
> 13.
>     *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 17 hours ago
>     <https://twitter.com/pwnallthethings/status/743200699975086083>
>
>     10) Files from Russian Intelligence Agencies can contain viruses.
>     It's safer to stay in Protected View
>
> 14.
>     *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 16 hours ago
>     <https://twitter.com/pwnallthethings/status/743201610235514880>
>
>     11) Document #5 leaks via tracked changes (thx @*TheCyberSecExp*
>     <https://twitter.com/TheCyberSecExp>) but it's not very interesting,
>     and likely not hacker
>
> 15.
>     *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 16 hours ago
>     <https://twitter.com/pwnallthethings/status/743203462683496448>
>
>     Pwn All The Things Retweeted Peter Johnson
>
>     12) To clarify: leak is the RU-lang settings, not name (cover name
>     references "Iron Felix"
>     https://en.wikipedia.org/wiki/Felix_Dzerzhinsky…
>     <https://t.co/E14IjtJv9b>)
>
>     Pwn All The Things added,
>
>     *Peter Johnson*@alcebaid
>     @*pwnallthethings* Felix is really a pseudo
>
> 16.
>     *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 16 hours ago
>     <https://twitter.com/pwnallthethings/status/743208737469509632>
>
>     Pwn All The Things Retweeted (((davi - 德海)))
>
>     13) Another #*opsec* <https://twitter.com/hashtag/opsec?src=hash>
>     fail. (This happened because they did an Export as PDF, and then
>     later saved, w/ lang set to RU)
>
>     Pwn All The Things added,
>
>     *(((davi - 德海)))*@daviottenheimer
>     @*pwnallthethings* "error! invalid hyperlinks" in Russian...
>
> 17.
>     *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 16 hours ago
>     <https://twitter.com/pwnallthethings/status/743209989217587200>
>
>     14) Tldr: this "lone hacker" uses many VMs, speaks Russian; username
>     is founder of USSR secret police & likes laundering docs via Wikileaks.
>
> 18.
>     *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 16 hours ago
>     <https://twitter.com/pwnallthethings/status/743211918995951616>
>
>     15) Spot the difference: Left: doc sent to Gawker (page 210). On
>     right, same page in
>     https://guccifer2.wordpress.com/<https://t.co/AqXxuUwzS0>
>
> 19.
>     *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 15 hours ago
>     <https://twitter.com/pwnallthethings/status/743221774725300224>
>
>     16) Tangentially related: "VantageUploader" is the tool DNC use to
>     share vids. JWT arg leaks author email in base64.
>
> 20.
>     *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 15 hours ago
>     <https://twitter.com/pwnallthethings/status/743226558412918788>
>
>     17) Final piece of metadata: Creation date and software used to turn
>     DOC into the Gawker PDF (note: could be journo)
>
> 21.
>     *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 15 hours ago
>     <https://twitter.com/pwnallthethings/status/743228802646573060>
>
>     18) Metadata from the various docs
>
> 22.
>     *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 15 hours ago
>     <https://twitter.com/pwnallthethings/status/743230570440826886>
>
>     Pwn All The Things Retweeted Florian Wagner
>
>     19) @*_fl01* <https://twitter.com/_fl01> points out "Grizli777"
>     indicates that pirated Office (2007) was used by the hacker.
>
>     Pwn All The Things added,
>
>     *Florian Wagner*@_fl01
>     @*_fl01* @*pwnallthethings* Get it now ;) »Grizli777«'s cracked MS
>     Office seems 2b popular among Russians and Romanians.
>      1.
>         *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 14 hours ago
>         <https://twitter.com/pwnallthethings/status/743232989602156546>
>
>         20) Extra data-point: Author on The Smoking Gun's PDF is
>         different again. (good chance this is TSG's journo)
>
>      2.
>         *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 3 hours ago
>         <https://twitter.com/pwnallthethings/status/743408033691279361>
>
>         21) Missed this yesterday, but the hacker contacted TSG (and
>         probably Gawker) via a GMZ.us (anonymous) email addr
>
>      3.
>         *Pwn All The Things* @*pwnallthethings* <https://twitter.com/pwnallthethings> 2 hours ago
>         <https://twitter.com/pwnallthethings/status/743416709281898496>
>
>         Pwn All The Things Retweeted CrowdStrike
>
>         22) A weak data point, but @*CrowdStrike*
>         <https://twitter.com/CrowdStrike> also says Guccifer2.0 doesn't
>         change their attribution of #*DncHack*
>         <https://twitter.com/hashtag/DncHack?src=hash> to Russia
>
>         Pwn All The Things added,
>
>         *CrowdStrike*@CrowdStrike
>         New hacker claims credit for DNC hack. CrowdStrike fully stands
>         by attribution to Russian government
>         https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/…
>
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave

