Tuesday, September 4, 2018

Will Russians hack elections again?

Well, if they do, it won't be "again."

There has been no evidence presented that the Russians did anything in 2016 save the normal spying all the "great" powers do to each other. And what they are accused of doing makes no sense. For example, we are told that the Russians had penetrated the Democratic National Committee (DNC) network by the summer of 2015, but all the FBI did was call the DNC computer help desk which did a quick check and finding nothing, forgot about it.

There was a second penetration of the DNC severs in the spring of 2016, which took much of the same material as the first one but was so incompetent that even the DNC noticed. Crowdstrike, a computer security firm was called in.  That led to the first very successful penetration finally being spotted, and both were supposedly cleared by completely nuking and rebuilding the DNC network (including each and every computer) in mid-June. Three days later, the head of the private security firm that cleared the system, who happens to be a Russian emigre who is active in anti-Putin groups, published all the details in the firm's blog.

Several things. First the FBI considered this sort of spying routine and could not even be bothered to walk the half mile to the DNC offices to discuss it with them. The reason they thought it was the Russians is because data was being sent to an IP address they thought was connected with Russia. That was all.

And having completely owned the DNC network by capturing or creating an admin login, Putin (and supposedly he ordered it personally) sends in a second group, who are so incompetent even the hapless DNC staff notices. That's simply not believable. It is a violation of the most obvious norms for spying to send in a second operation on top of one that already is getting *everything*.

The penetration is so sensitive that a private security firm headed by a Russian national takes care of it, not the FBI, NSA or CIA. Really?

And then contrary to even the most obvious principle of counter-espionage, full details are put on a blog three days later by the anti-Putin Russian who --what a coincidence!-- says it was Putin. And that way Putin can know how much we know and how we figured out it was him.

Meanwhile at Hillary headquarters top dog John Podesta gets an email claiming his gmail password has been compromised and please click here to change it. An aide checks with someone more competent in computers who tells them to follow this other link to change the password (the real link to Google) and to turn on two-factor authentication. So Podesta's people dig up the original phishing email, follow the fake link, give away access to the email account, and do not turn on two factor authentication.

This, we are told, was a sophisticated Russian attack called "spear phishing." But actually what was really involved is that Podesta and his people were brain dead. There can be no security mechanism that can cope with that level of stupidity.

Russians? It was probably a middle school student having fun with her iPad. Or the equivalent. Because a really serious intelligence operation would have used the penetration to get access to Hillary's network. But they didn't. They just took Podesta's emails from gmail servers.

Then the Russians take the stuff and leak it. The Russians could have leaked the secret contracts showing the DNC was in the tank for Hillary in February or March. Their slogan would have been  "Anybody but Hillary." But if they were going to try to knock her out, that was the moment to do it. Either that, or in October, with a classic October surprise.

But instead they give it to Wikileaks in the middle of the summer. They could have leaked it to the New York Times, CNN, the Guardian -- none of them would have refused the material and the Russians could easily have covered their tracks. The obvious explanation of why it went to Wikileaks is because almost certainly it wasn't the Russians but a lone hacker, perhaps an inside job, and Wikileaks has ways to receive leaks securely and anonymously, which major press outlets do not.

Well, the Russians were pretending to be a lone hacker. But if this was their cover story, it is idiotic to let the false story they were developing get in the way of using the devastatingly compromising material they got on Hillary in the most effective way.

The Facebook plot is even more ridiculous. The Kremlin was going to spend literally thousands of dollars, perhaps hundreds of thousands, to influence an American election. Really? A billion dollars or more were spent on the election. And the Russians supposedly thought they could make a difference?

And, again, absolutely no evidence of the nefarious Russian schemes has been given to the public.

Could the Russians have done anything more serious? You be the judge:

A couple of weeks ago at the annual Defcon hackathon in Las Vegas it took an 11 year old girl 10 minutes to hack into a  replica of the Florida statewide election system. Someone else took only two minutes to hack the voting machines being used in 18 states. Of course it's not fair to compare. The two minute hack was done by Rachel Tobac who is an adult and has her own security firm.

Supposedly the Russians, determined to have Trump instead of Hillary, passed on the obvious and multiple vulnerabilities that had already been covered in the U.S. press and instead focused on trolling with a half dozen invented characters and a couple of stolen identities which they needed to pay for Facebook Advertisement.

For sure. I honestly and sincerely believe that Ms. Goody Two Shoes, KGB Colonel Vladimir Putin, could not bring himself to steal the election and merely sought to influence the outcome.

Not.

No comments:

Post a Comment