Released Report on "GRIZZLY STEPPE" didn't mention why it was determined to be Russian
However that information HAS appeared elsewhere:
The issue has come to the fore in the 2016 U.S. presidential election. The Department of Homeland Security and the Office of the Director of National Intelligence, a combined 17 intelligence agencies, issued a statement saying Russia was behind the election hacking.
It is pretty clear judging by the indicators of compromise [IOCs]. The binaries that were used to hack the DNC as well as Podesta's email as well as some other Democratic campaign folks, those IOCs match binaries and also infrastructure that was used in attacks that were previously recorded by others as having Russian origin. That much we can confirm. So if you believe other people's (primarily governments') attribution that those previous attacks were Russian, then these attacks are definitely connected. We're talking about the same binaries, the same tools, the same infrastructure.
I understand you and your firm have spent significant time analyzing the DNC and Podesta hacks. What groups are responsible, and how did you determine attribution?
We've analyzed the tools, the binaries, and the infrastructure that was used in the attack, and from that we can confirm that it's connected to a group that has two names. One is Sofacy, or Cozy Bear, and The Dukes, which is also known as Fancy Bear. From the binary analysis point of view, I can tell you that the activities of these attackers have been during Russian working hours, either centered on UTC+3 or UTC+4; they don't work Russian holidays; they work Monday to Friday; there are language identifiers inside that are Russian; when you look at all the victim profiles they would be in interest to the Russian nation-state. So all of that stuff fits the profile. Now, could all those things be false flags? Sure. Other government entities obviously have come out and said it is the Russian state, and the binary forensics would definitely match that.
http://www.thedailybeast.com/articles/2016/11/05/cybersecurity-expert-proof-russia-behind-dnc-podesta-hacks.html
https://twitter.com/MarlowNYC/status/814926627524186116
Released Report on "GRIZZLY STEPPE" didn't mention why it was determined to be Russian (Original Post)
CousinIT
Dec 2016
OP
HoneyBadger (2,297 posts)
1. Cozy Bear and Fancy Bear
I cannot believe that these guys are still running around
Buns_of_Fire (17,174 posts)
2. I see Putin as "Big Bear"
But oddly enough, I don't see Trumpski as "Little Bear" -- or even "Gummy Bear" or "Scummy Bear".
I think he would be referred to as "Goldilocks." ("Someone's been sleeping in my bed and he left a hooker in there!")