The joint FBI-Homeland Security NCCIC report was declassified and released earlier this week. It reflects what we’ve been told in the Obama media including The Washington Post and NY Times.
The 13-page analysis report deals with the federal investigation into the Russian government hacking Democratic Party organizations. The report is titled “Joint Analysis Report” (JAR) and refers to the Russian hacking campaign as “Grizzly Steppe”. It links “Fancy Bear” and others to the Russian Intelligence Service but is short on evidence.
The attacks allegedly came in two waves, one in 2015 and another in November 2016. It shows Obama did nothing about this alleged hacking since the summer of 2015. It doesn’t explain why Obama told Putin to “cut it out” in September 2016.
Obama originally said there was no evidence the election was hacked or had any effect. President Obama said in a press conference this month that Russia stopped “tampering” with the U.S. election in early September after he told President Vladimir Putin to “cut it out.”
President Barack Obama reportedly told Russian President Vladimir Putin in October that directly interfering with the U.S. election could result in an “armed conflict.”
Obama’s agencies doing the reporting are politicized and they are untrustworthy. They have a reputation for manipulating evidence as they did over the threat of ISIS and the progress of our war. That incident came to a head when dozens of intelligence operatives came out and complained about it.
Jeh Johnson said hacking by Russians or any actor didn’t affect the ballot count. As far as the disclosures affecting public opinion, he said, “that is beyond my expertise”. It’s important to mention this since 54% of Democrats, according to one poll, seem to believe the Russians hacked the machines.
The report also does not mention WikiLeaks ANYWHERE.
The disclaimer is what one might describe as “lame”. Who would bother reading further, much less regard it as gospel as Obama wants us to do?
The report rather liberally and helpfully lists names for “Reported Russian Military and Civilian Intelligence Services”, including APT28, APT29, COZYBEAR, COZYDUKE, FANCYBEAR, and so on.
The report states that the Russian Intelligence Service (RIS) launched cyber operations against the US government and its people, including the use of “spearphishing campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations leading to the theft of information”.
APT28 and APT29, they say, are RIS. Trust them because there’s no evidence in this report to prove it.
Podesta said he fell prey to a phishing incident and the report conveniently suggests that is where the email leaks came from. It also implies the DNC was hacked the same way. The DNC could have been hacked by anyone since they had NO protections on their system.
According to the report, RIS actors “host malware and send spearphishing emails. In the course of that campaign, APT29 successfully compromised a U.S. political party. At least one targeted individual activated links to malware hosted on operational infrastructure of opened attachments containing malware. APT29 delivered malware to the political party’s systems, established persistence, escalated privileges, enumerated active directory accounts, and exfiltrated email from several accounts through encrypted connections back through operational infrastructure.”
It continued, “In spring 2016, APT28 compromised the same political party, again via targeted spearphishing. This time, the spearphishing email tricked recipients into changing their passwords through a fake webmail domain hosted on APT28 operational infrastructure. Using the harvested credentials, APT28 was able to gain access and steal content, likely leading to the exfiltration of information from multiple senior party members. The U.S. Government assesses that information was leaked to the press and publicly disclosed.”
We are certain most nations do all of the above and do it often but, again, there is no evidence.
This is typical and common hacking activity. Who are the APT28 and APT29 they claim are Russian? They could just as well be a couple guys operating from their mother’s basement while sitting in their underwear. We have no evidence to the contrary in this report. They say they have technical indications and signatures and include two screenshots as proof.
Terms on the screenshot: PHP webkit is boilerplate and Yara is a tool designed to help malware researchers identify and classify malware samples. It’s been called the pattern-matching Swiss Army knife for security researchers (and everyone else).
They say the IOCs are associated with Russian intelligence but provide no evidence. While the indications are there if one takes them at their word, one would hope they have more evidence than this before the president starts a Cold War with a nuclear nation.
Most of the report focuses on how to avoid becoming a victim, with cut-and-paste suggestions from other sources.
When you consider how serious the repercussions could be, you must wonder why the report doesn’t include more hard evidence. It’s also difficult to believe the Russian Intelligence Service left signatures.
What are we going to do with all the other nations’ hacking from around the world? Are we going to stop hacking others?
You can read the report below on scribd.
As an aside, the December 16 report from the Director of National Intelligence is a regurgitation of the October 7 report.