The FBI-DHS hacking report shows that the malware used is outdated Ukrainian software that is easily blocked. The IP addresses are routinely blocked by ordinary virus protections. None of this has been tied to Russians.
Donald Trump Pushes Back on the Russian Hacking of Clinton Emails
The Russians might have hacked Clinton’s emails but what we are saying is the DHS-FBI report is a fake if it’s alleged to be evidence.
Donald Trump told reporters at a New Year’s Eve party that he knew “things that other people don’t know” about alleged Russian cyber attacks, which he would reveal “on Tuesday or Wednesday”.
“Hacking is a very hard thing to prove,” he told reporters at his New Year’s Eve party in his Mar-a-Lago private club in Florida.
We don’t need to wait until Tuesday or Wednesday as it turns out. The FBI-DHS report claimed the PHP malware is tied to the Russians. The only problem is it’s not and it’s available to anyone.
The FBI and DHS probably have a political science or creative writing major telling them what to write.
Maybe the FBI and DHS want to get caught lying.
Outdated Ukrainian PHP Malware Is All Russian Intelligence Could Find?
Wordfence, a popular and expert security firm for WordPress, analyzed the PHP malware sample contained in the DHS-FBI report.
Wordfence analysts note that DHS and DNI have released a joint statement that says the document “provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks…including IP addresses and a PHP malware sample.”
A detailed analysis of the PHP malware sample by Wordfence found that the sample is Ukrainian and it’s commonly available. Wordfence reported:
The PHP malware sample they have provided appears to be P.A.S. version 3.1.0 which is commonly available and the website that claims to have authored it says they are Ukrainian. It is also several versions behind the most current version of P.A.S which is 4.1.1b. One might reasonably expect Russian intelligence operatives to develop their own tools or at least use current malicious tools from outside sources.
The IP addresses cited in the DHS-FBI report are commonly and routinely blocked by the Wordfence plugin. That’s a plugin websites can buy for $30 annually.
To sum up, the FBI and DHS want us to believe Russian Intelligence used outdated Ukrainian malware that is easily blocked by a little plugin used in ordinary websites, which routinely blocks the IP addresses cited, named after crazy bears and so on. In addition, this malware has not been tied to Russians.
People Who Jump on the FBI-DHS Bandwagon Look Ridiculous
The overall conclusion by Wordfence:
The IP addresses that DHS provided may have been used for an attack by a state actor like Russia. But they don’t appear to provide any association with Russia. They are probably used by a wide range of other malicious actors, especially the 15% of IP addresses that are Tor exit nodes.
The malware sample is old, widely used and appears to be Ukrainian. It has no apparent relationship to Russian intelligence and it would be an indicator of compromise for any website.
Are we to believe the Russians hack using outdated Ukrainian malware that even a simple plugin can easily block and has actually been blocking for the past three years?
Senators John McCain and Lindsey Graham and others jumped on the bandwagon immediately. They look ridiculous, not having waited for more information. They may turn out to be correct but it’s not looking good for them.
If these guys are flabbergasted by this, we are in really bad shape unless there is more information we haven’t seen that would bring evidence to the table. However, to put this absurd report out and pretend it’s terrifying evidence is truly insulting.