
The Russia Investigation: No Way It's a 300 lbs Hacker in a Basement


Yes, We Can Know the Russians Interfered in the 2016 Election. Here's How.

Understanding how the Russians interfered in the election involves computer forensics and counter-espionage. It also does not help that new information keeps being discovered. You know, this is the third time I started this article and had to start over. Hopefully, the third time's the charm.

Let’s start with how we know the hackers were Russians.

First off, how can you tell which computer the hacks come from? In any two-way communication, both parties must give a way to identify each other. In other words, each needs to give the other a form of address (mailing address, email name, phone number, etc.). That’s no different when computers talk; in fact, it’s called an ‘IP address’. This is how Google can figure out where your computer is without a GPS. It’s not always good enough to find your computer or house, but it can get within a few blocks. It definitely will tell what country the computer is in.

And it can’t be faked (or ‘spoofed’ as we techies call it). Otherwise, the two computers can’t talk to each other. However, there is a problem. Hackers don’t want to be tracked, so they route through other computers. They hack into one computer and then do all their other hacks from there. In fact, the main reason a hacker may be interested in your computer or mine is not for what’s on it, but so their hacks get traced back to us. While we may see an IP address from Russia, it could be from a hacker in the US. (Though most of the time it’s the other way around.)

However, while you can’t look at an IP address and know which computer is the hacker’s, hackers can’t change computers too often, so you can still tell whether it’s the same hacker.

And that brings us to the next forensic technique. Hackers are profiled just like serial killers. You may not know who they are right away, but you track them by the specific way a hacker hacks: what computers they use, what software they use, whom they target, what vulnerabilities they exploit, etc. The software left by the hackers (malware) can also be examined for clues. This includes common byte patterns (which indicate the use of the same code) and code comments, which can even show the native language of the programmer.

Now a part that gets confusing. These profiles are tracked by different governments and private companies, and so can have more than one name for the same profile. The two groups connected to the DNC and Podesta emails, Cozy Bear and Fancy Bear, were also known by the memorable names of APT29 and APT28, and many others. Depending on when the news stories were written, you can see all these names and understandably be confused.

OK. This is really important to remember. Hackers rarely work alone. Despite the movies and stories of lone hackers, nowadays hacking is too complicated and time-consuming for individuals to do. And having a team of skilled individuals focusing on the same objective costs money. Serious hacking is not a hobby. It's a job.

That’s why most hacking groups belong to criminal organizations. And it gets worse for the lone hacker. Once a hack is discovered, companies can fix their software to prevent it. That's part of those monthly updates you are always getting, and why you want to keep your software updated. What this means is that criminal hackers must continuously find new ways to hack. Again, that is why they can't do it for free and can't do it alone.

There are also 'white hat' hackers who work for universities, research groups, or security companies. Though they don't actually hack computers. They look for tricks criminal hackers (black hats) may use. (We techies call these tricks 'exploits'.) However, a single exploit is usually not enough to hack a computer. You need several exploits, each attacking a different aspect of security: getting past firewalls, avoiding detection, etc. Many exploits are caught before hackers can use them, or even before it’s proven that they are practical. Sometimes it's just pure research, and sometimes exploits are sold to the vulnerable company. There is also a black market for exploits.

In other words, hackers are indeed part of a broad industry mostly populated by small and large businesses. They are ruled by economics as much as by technology.

One consequence is that criminal hackers must hack en masse, looking for those who have not updated their computers, and maximize profit before their hacks are discovered. So then ask yourself: if an individual is hacked with no way of making money from it, who could do that? Who can engage in expensive endeavors without making money? Governments obviously, and, in particular, intelligence agencies and the military. In other words, spies.

Spies hack differently than criminals. Criminals usually try to get their money as fast as they can, expecting to be discovered. Spies don't need to make money, but the secrets they steal will lose value if the hack is ever found. Often spies have custom software created by government agencies (like the NSA and GRU) that (hopefully) won't be detected the way other exploits would be.

So now, you can see that within the white/black hat hacking industry, there is a hidden cat-and-mouse spy game going on, and when spy hackers are discovered, they can be distinguished from your typical criminal hacker. And as with all other espionage, these hacker spies can be identified just as you would non-hacker spies: surveillance, informants, who profits from their activities, etc. Cozy Bear and Fancy Bear have been observed by intelligence agencies (and not just US ones) for years and linked to several Russian operations. Some of the targets include NATO, Georgia, and the Ukrainian military. Now, who would want to do that?

Saying we don’t know that the Russians are responsible for the hacks of the Hillary campaign and the DNC is like saying the police cannot tell the difference between a mugger and a bank robber.

Now there is another way the spies acted differently than others. I said before that spies want to keep the stolen secrets secret. What I should have said is that they don’t want their stolen secrets known until they are ready. China hacked Obama's and McCain’s campaigns. However, they never released what they stole or used it to interfere in the election. They wanted the information to better predict and negotiate with the next president. However, the Russians did release what they stole, timed to interfere with the election. That added more evidence that it was Russia.

To release the information, they had to set up accounts that can be traced. Granted, they were fake and created by fronts, but with subpoena power and cooperation you will get more clues to the source. Even more damning is that you must keep this account, and the computers you are releasing from, around longer. In fact, servers leased to front companies were used, not just randomly hacked computers. (I speculate that was because you can’t move the vast amounts of data they had undetected on just any computer.)

Now we get to the Russian propaganda campaign.

Let’s start by saying this is not new. Since even before the Cold War, Russia has been using espionage to interfere with other countries' elections. So have we, for that matter. England did so to us in 1940 to keep us in WWII.

Basically, you pretend to be a member of the country (or co-opt existing members) to politically advocate something you want, undermine the existing government, or just cause chaos. The main idea is to make your actions look like they are coming from within the country instead of from outside it. The big difference today is that you can supercharge it with computers.

You may or may not know that I maintain several email addresses. You probably do as well, say one for home and one for work. And you probably have a few email addresses that you don’t use. For example, your internet provider probably gives you one that you ignore. And that also means it’s not hard to have a couple of Facebook, Twitter, and other social media accounts. Which means you can ‘follow’, ‘like’, and ‘retweet’ yourself. I have.

There is a good reason for doing that. Sometimes I want the same post to go to a different audience. Sometimes what I post can look different when viewed from other accounts, so I follow myself to check. That, however, can make it look like I’m twice as popular as I am. So, I do it judiciously. But what if I weren’t scrupulous? Everything I post would have twice the ‘likes’ and always have at least one retweet. And why stop there? I could set up 10 accounts and be 10 times as popular. Of course, after a while, it would be too laborious, but then it would not be that hard to write a computer program to do it for me. Then I could be 1,000 or 10,000 times as popular. There is no limit. If I’m wily enough, I could have every one of my posts be so popular they rise to the top of every Facebook and Twitter list. I could be more influential than a Kardashian.

But of course, Facebook and Twitter don’t want me to do that. They have software (and maybe people) always looking for ‘non-human’ behavior to catch precisely this. But the Russian government had an easy workaround: hire real people. Russia maintains troll farms or web brigades, groups of people employed to perform influence operations. In other words, they spread propaganda posing under false identities on the Internet. And again, we can track them back to the Russian GRU through all the techniques I discussed: computer forensics, profiling, and espionage.
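As an added illustration (not from the original post), here is the kind of check a platform's anti-abuse team might run over an engagement log to catch the self-amplification described above: accounts that engage with nearly every post of one author and almost nothing else. The account names, posts, events and thresholds are all constructed for the example.

```python
from collections import defaultdict

# Constructed sample data (not real accounts): "main" owns five posts and
# three puppet accounts engage with every one of them and nothing else.
# "bob" is an ordinary user who likes some of main's posts and all of alice's.
POSTS = {"main": ["p1", "p2", "p3", "p4", "p5"], "alice": ["a1", "a2", "a3"]}
EVENTS = [  # (actor, author, post, action)
    *[("sock1", "main", p, "like") for p in POSTS["main"]],
    *[("sock2", "main", p, "retweet") for p in POSTS["main"]],
    *[("sock3", "main", p, "like") for p in POSTS["main"][:4]],
    ("sock3", "main", "p5", "retweet"),
    ("bob", "main", "p1", "like"), ("bob", "main", "p3", "like"),
    *[("bob", "alice", p, "like") for p in POSTS["alice"]],
    ("carol", "alice", "a1", "like"),
]

def amplification_clusters(posts, events, min_coverage=0.9, max_outside=0.1):
    """Flag actor/author pairs where the actor engaged with at least
    min_coverage of the author's posts and spent at most max_outside of its
    total engagements on anyone else. Returns {author: sorted actors}."""
    covered = defaultdict(set)        # (actor, author) -> distinct posts engaged
    pair_events = defaultdict(int)    # (actor, author) -> engagement count
    actor_events = defaultdict(int)   # actor -> all engagements
    for actor, author, post, _action in events:
        if actor == author:           # engaging with your own post is not amplification
            continue
        covered[(actor, author)].add(post)
        pair_events[(actor, author)] += 1
        actor_events[actor] += 1
    flagged = defaultdict(list)
    for (actor, author), seen in covered.items():
        coverage = len(seen) / len(posts[author])
        outside = 1 - pair_events[(actor, author)] / actor_events[actor]
        if coverage >= min_coverage and outside <= max_outside:
            flagged[author].append(actor)
    return {author: sorted(actors) for author, actors in flagged.items()}

def inflated_share(events, flagged):
    """Per author, (engagements from flagged accounts, total engagements):
    how much of the apparent popularity comes from the cluster."""
    counts = defaultdict(lambda: [0, 0])
    for actor, author, _post, _action in events:
        if actor == author:
            continue
        counts[author][1] += 1
        if actor in flagged.get(author, []):
            counts[author][0] += 1
    return {author: tuple(c) for author, c in counts.items()}

if __name__ == "__main__":
    clusters = amplification_clusters(POSTS, EVENTS)
    print(clusters, inflated_share(EVENTS, clusters))
```

On the constructed data, bob is not flagged for alice despite liking all her posts, because most of his activity is elsewhere; the three puppets are, and they account for 15 of main's 17 engagements.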


So, now I’ve explained how we discovered the Russians interfered in the 2016 election. Next, I’ll go into detail into exactly what happened.


This post first appeared on The Gadfly Scholar; please read the original post there.
