iBankCoin
18 years in Wall Street, left after finding out it was all horseshit. Founder/ Master and Commander: iBankCoin, finance news and commentary from the future.

The FBI and DHS Issue Report Showing Juvenile Evidence of Russian Hacking

Are they seriously going to claim this 3-page report proves Russia hacked our elections?

Here are the juicy details, highlighted by retarded graphics, showing ‘adversary, neutral, and VICTIM spaces.’ In this ‘report’, the government claims Russian agents, labeled APT28 and APT29, hacked into a US political party. These hackers, apparently, have a long track record of hacking into governments, universities, think tanks, and corporations — on a global scale.


Previous JARs have not attributed malicious cyber activity to specific countries or threat actors. However, public attribution of these activities to RIS is supported by technical indicators from the U.S. Intelligence Community, DHS, FBI, the private sector, and other entities. This determination expands upon the Joint Statement released October 7, 2016, from the Department of Homeland Security and the Director of National Intelligence on Election Security. This activity by RIS is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens.

These cyber operations have included spearphishing campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations leading to the theft of information. In foreign countries, RIS actors conducted damaging and/or disruptive cyber-attacks, including attacks on critical infrastructure networks. In some cases, RIS actors masqueraded as third parties, hiding behind false online personas designed to cause the victim to misattribute the source of the attack. This JAR provides technical indicators related to many of these operations, recommended mitigations, suggested actions to take in response to the indicators provided, and information on how to report such incidents to the U.S. Government.

The U.S. Government confirms that two different RIS actors participated in the intrusion into a U.S. political party. The first actor group, known as Advanced Persistent Threat (APT) 29, entered into the party’s systems in summer 2015, while the second, known as APT28, entered in spring 2016.

Both groups have historically targeted government organizations, think tanks, universities, and corporations around the world. APT29 has been observed crafting targeted spearphishing campaigns leveraging web links to a malicious dropper; once executed, the code delivers Remote Access Tools (RATs) and evades detection using a range of techniques. APT28 is known for leveraging domains that closely mimic those of targeted organizations and tricking potential victims into entering legitimate credentials. APT28 actors relied heavily on shortened URLs in their spearphishing email campaigns.

Once APT28 and APT29 have access to victims, both groups exfiltrate and analyze information to gain intelligence value. These groups use this information to craft highly targeted spearphishing campaigns. These actors set up operational infrastructure to obfuscate their source infrastructure, host domains and malware for targeting organizations, establish command and control nodes, and harvest credentials and other valuable information from their targets.

In summer 2015, an APT29 spearphishing campaign directed emails containing a malicious link to over 1,000 recipients, including multiple U.S. Government victims. APT29 used legitimate domains, to include domains associated with U.S. organizations and educational institutions, to host malware and send spearphishing emails.

In the course of that campaign, APT29 successfully compromised a U.S. political party. At least one targeted individual activated links to malware hosted on operational infrastructure of opened attachments containing malware. APT29 delivered malware to the political party’s systems, established persistence, escalated privileges, enumerated active directory accounts, and exfiltrated email from several accounts through encrypted connections back through operational infrastructure. In spring 2016, APT28 compromised the same political party, again via targeted spearphishing. This time, the spearphishing email tricked recipients into changing their passwords through a fake webmail domain hosted on APT28 operational infrastructure. Using the harvested credentials, APT28 was able to gain access and steal content, likely leading to the exfiltration of information from multiple senior party members. The U.S. Government assesses that information was leaked to the press and publicly disclosed.

Actors likely associated with RIS are continuing to engage in spearphishing campaigns, including one launched as recently as November 2016, just days after the U.S. election.

Color me ignorant, but does anyone see actual proof in this report?


49 comments

  1. gappingandyapping

    As an expert in this area and someone who runs a cyber intel team, this is laughable at best. It's a copy and paste job from FireEye and Root9b (former CIA/NSA guys bidding for US contracts). To blame Evgenyi Bogachev just takes the cake. This is equivalent to blaming Al Capone for the murders in Chicago. Pick the most famous criminal in XYZ location and blame him.

  2. riotact

    Que the Putin/Russia fanatics in 3,2,1….

    • Dr. Fly

      It’s spelled cue, but that’s ok. You’re an idiot.

    • UncleBuccs

      Well put your cue in queue…

    • skulduggery

      So if I don’t like something, I’m phobic, and if I do like something, I’m fanatical. Sounds like you have mastered the typical Progressive analysis. Bravo!

      • derp

        Yup. Those of us with some gray matter reject the false dilemma argument. But no one ever accused libtards of being smart.

        • frog

          Thanks for showing us liberals that we are correct. Because rather than argue with our points, all you can think of to do is hurl insults at us. Looks like we liberals are the ones with the gray matter.

          What a non-Winged web site this is, huh? Constant liberal bashing, all the time. Couldn’t be Right Winged, could it? No, Right Winged people never would bash liberals 24/7/365, would they?

  3. dcolella15

    Jesus. He really is trying to start a war before he leaves. What a fucking maniac.

  4. juice

    those look like recycled drawings of Saddam’s chemical weapons and nuke factories

  5. doubleplus

    The little skull and crossbones are pretty dope, though.

  6. stockslueth

    Wait…..The graphic has no Safe Space!

    • hattery

      I have a sneaking suspicion that someone somewhere made a parody graphic with a 400-pound person in their bed behind the hack with layers of safe spaces he had to hack around.
      Possibly the character would look suspiciously like Michael Moore.
