[Busec] Report on Russian hacking

Hristo Stoyanov htstoyanov at gmail.com
Wed Jan 4 02:47:43 EST 2017


Here are some actual details based on the csv and xml published alongside the
written report:
https://www.wordfence.com/blog/2016/12/russia-malware-ip-hack/

Conclusions: old freely available malware, incredibly wide variety of
countries making up the IP addresses given as a source of the attack.
Hence, that data is as evidence-free as the written report. I believe
(correct me if I'm wrong), there is no other data available from the USG.
Only (very) pointed accusations against a certain country.

However, what would be good technical details that show attribution?
Russian documents/emails that order/discuss/report on the attack (perhaps
with some signatures :)) would definitely cut it. What else?

- Hristo

2017-01-03 13:10 GMT-08:00 Ari Trachtenberg <trachten at bu.edu>:

> Yes, the crowdstrike report is much more interesting, but, at this point,
> rather dated.
> What it doesn't include is evidence of attribution to the Russian
> government (just some suggestive information about the slickness of the
> attack and a belief of some link).  Has anyone seen public technical
> details in this realm?
>
> best,
>         -Ari
>
> > On Jan 3, 2017, at 2:32 PM, Ethan Heilman <eth3rs at gmail.com> wrote:
> >
> > With the exception of the attribution of individual hackers the
> > DHS/FBI report is almost entirely detail free. The crowdstrike report
> > provides many of the missing details:
> > https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/
> >
> > One interesting tidbit in DHS/FBI report was that it blames Slavik of
> > Zeus Gameover fame.
> >
> > On Tue, Jan 3, 2017 at 2:08 PM, Ari Trachtenberg <trachten at bu.edu> wrote:
> >> Somehow I'm missing the description ... I just see generic malware
> >> information on a popular web shell tool and
> >> generic mitigation strategies.  If anything, this suggests a *lack* of an
> >> actual smoking gun.
> >>
> >> best,
> >> -Ari
> >>
> >> On Dec 29, 2016, at 5:56 PM, Scheffler, Sarah, Ann <sscheff at bu.edu> wrote:
> >>
> >> This is a joint report written by DHS and the FBI, and it's the first
> >> actual decent description I've found of the Russian hacking that's been
> >> all over the news, and I figured y'all might be interested in reading it:
> >> http://www.nytimes.com/interactive/2016/12/29/us/politics/document-Report-on-Russian-Hacking.html
> >>
> >> Happy last-two-and-a-half-days-of-2016,
> >> Sarah
> >> _______________________________________________
> >> Busec mailing list
> >> Busec at cs.bu.edu
> >> http://cs-mailman.bu.edu/mailman/listinfo/busec
> >>
> >>
> >> —
> >> Prof. Ari Trachtenberg
> >> Electrical and Computer Engineering
> >> Boston University
> >> trachten at bu.edu
>
> Prof. Ari Trachtenberg
> Electrical and Computer Engineering
> Boston University
> trachten at bu.edu