U.S. intel agencies’ report on ‘Russian hacking’ offers disclaimers, barely mentions Russia

(We did not write this article; original article is HERE)

As the White House and Treasury Department announced new sanctions against Russia over the alleged hacking of U.S. elections, the FBI and Homeland Security released a report that offered supposed proof amid an abundance of disclaimers.

Given the incongruous name of ‘Grizzly Steppe’, the Joint Analysis Report (JAR) on “Russian malicious cyber activity” issued by the FBI and the DHS National Cybersecurity & Communications Integration Center (NCCIC) on December 29 begins with the following disclaimer: The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within.

Accompanying the report was a joint statement by the FBI, Department of Homeland Security and the Director of National Intelligence explaining that the “activity by Russian intelligence services is part of a decade-long campaign of cyber-enabled operations directed at the U.S. government and its citizens.”

The actual words “Russia” and “Russian” are mentioned only three times, with just 11 instances of “RIS” – a custom, catch-all acronym standing for “Russian Intelligence Services” without naming any. Both the FSB – Russia’s equivalent of the FBI – and the GRU, Russia’s military intelligence, were put on the U.S. sanctions list on Thursday.

“The U.S. Government confirms that two different RIS actors participated in the intrusion into a U.S. political party,” says the JAR, identifying the two as APT28 and APT29. There is no indication anywhere in the document that these two groups are in any way connected with the Russian intelligence services, however.

Even when detailing the efforts of the two purported hacker groups, the report uses vague and noncommittal language. For example, the actual political party allegedly hacked by the two groups is never identified:

“In summer 2015, an APT29 spearphishing campaign directed emails containing a malicious link to over 1,000 recipients… In the course of that campaign, APT29 successfully compromised a U.S. political party.”

“In spring 2016, APT28 compromised the same political party,” the report continues. “Using the harvested credentials, APT28 was able to gain access and steal content, likely leading to the exfiltration of information from multiple senior party members. The U.S. Government assesses that information was leaked to the press and publicly disclosed.”

This could be referring to emails and documents of the Democratic National Committee, which were made public by Guccifer 2.0 and WikiLeaks – both of whom have categorically rejected any claim of Russian hackers being responsible. It could also refer to WikiLeaks publishing emails from the private account of Hillary Clinton’s campaign chairman John Podesta, over the course of a month prior to the November 8 election. The JAR does not actually say so, however.

Nor does the JAR note anywhere that it was CrowdStrike, a cybersecurity company hired by the DNC to investigate the June 2016 data breach, that accused APT28 and APT29 – which they named “Cozy Bear” and “Fancy Bear” – of being Russian government entities. CrowdStrike has never offered any proof for this assertion, which the JAR merely repeats without attribution.

In addition to CozyBear and FancyBear, the 13-page report includes a list of more ridiculous names for alleged Russian hacker groups, such as CakeDuke, CrouchingYeti, Energetic Bear, EVILTOSS, OLDBAIT, and SEADADDY.

The second half of the report is focused on mitigation strategies, from backing up one’s data and changing passwords to information-sharing with the government and giving Homeland Security access to networks for “voluntary assessments” of vulnerabilities.

An appendix to the report lists hundreds of IP addresses and code the authors say are “used by Russian civilian and military intelligence services.” While some of the addresses are in Russia, others are in the U.S., and none of the data actually points to Russian involvement.

Obama’s report on Russian hacking is a ‘case of fake news and propaganda’

Commentary by Annie Machon, RT.com, Dec 30, 2016

An FBI and Department of Homeland Security report on Russia’s alleged hacking of the U.S. presidential election provides no evidence and is a case of fake news and propaganda aimed at undermining the legitimacy of Donald Trump’s election win, says former MI5 intelligence officer Annie Machon.

The Obama administration on Thursday, December 29 imposed a set of unprecedented measures against Russia over alleged attempts to influence the U.S. presidential campaign this year. The new sanctions were unveiled after the release of the report by the FBI and the Department of Homeland Security. However, the document significantly lacks specifics. It doesn’t explain how two hacking groups described are linked to the Russian government.

RT asked whistleblower, and former MI5 intelligence officer Annie Machon what she makes of the evidence.

“This is very much a case of fake news, shall we say. It seems to serve two ends as well,” Machon said.

“On the day when the Syria ceasefire is announced, which has been brokered by Russia and Turkey, this hacking story is the one that will run and run in America, not the ceasefire in Syria. It’s all going to be about these Russians and hacking the election and things like that.

“I think this is the first stage – this is why it was announced that the Russian diplomats were going to be expelled,” she said.

“On the second point as well, it is a mass expulsion – 35 diplomats being thrown out of the country with no proof, with no sort of real intelligence. I think that has also been done to gain the idea, to solidify in public’s mind in America that actually Russia was involved in hacking the election.

“Where has that ‘hacking’ phrase evolved from? We don’t know. It was originally just hacking the DNC [Democratic National Committee] e-mails. So I think it is a sort of two-pronged attack that has been carried out, that has been carefully announced today to achieve that,” she said.

“One further point from that in terms of trying to solidify the fact that the Russians interfered in the democratic process of America – is part of this ongoing process to try to undermine the legitimacy of the election of Donald Trump – the next president,” Machon said.

The Joint Analysis Report (JAR) on “Russian malicious cyber activity” issued by the FBI and the DHS National Cybersecurity & Communications Integration Center (NCCIC) on Thursday begins with a disclaimer which reads: “This report is provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within.”

According to Machon, the FBI and DHS are “just covering their backs.”

“They know it’s much rubbish…they are trying to blind people with science, but there’s no real evidence,” she said.

“Running in parallel to this is a more serious investigation that Barack Obama apparently asked the CIA to carry out into this alleged Russian hacking of the election. That report is due to be announced no later than January 20 next year,” Machon said, adding that the timing is “interesting” since it’s the date of President-elect Donald Trump’s inauguration.

The report by the FBI and DHS doesn’t give any warranties, which “points to the fact that it is pure propaganda and they know it,” Machon told RT.

Annie Machon is a former intel­li­gence officer for MI5, the UK Secur­ity Ser­vice. She resigned in the late 1990s with her ex-partner, David Shayler to blow the whistle on the spies’ incom­pet­ence and crimes.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s