"Evidence" about Russian hackers

>For the DNC intrusion Cozy Bear primarily relied on a “SeaDaddy implant developed in Python and compiled with py2exe and a Powershell backdoor with persistence accomplished via Windows Management Instrumentation (WMI) system.”
>That let the group “launch malicious code automatically after a specified period of system uptime or on a specific schedule,” said Alperovitch, who referred to the Powershell backdoor as “ingenious in its simplicity and power.”
>Fancy Bear, on the other hand, deployed X-Agent malware that could do remote command execution, file transmission and keylogging.
>It also used a network tunneling tool for connections to NAT-ed environments, to execute remote commands.

They claim these are the marks of a state-acting hacking attempt.
Could a reasonably talented gray/blackhat accomplish this?
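The WMI persistence described in the quoted article leaves three linked objects behind (an event filter, a consumer, and a binding between them), which is what defenders look for. The following is an added example, not part of the original post or of CrowdStrike's report: it correlates those three records and reports bindings whose consumer runs code, noting uptime or schedule triggers. The sample records are constructed, and their field names are assumptions modeled on Sysmon's WMI events (IDs 19, 20, 21).

```python
import re

# Constructed sample records. Field names are modeled on Sysmon's WMI events
# (ID 19 = filter, 20 = consumer, 21 = binding); treat them as assumptions.
EVENTS = [
    {"id": 19, "host": "WS-01", "Name": "UpdaterFilter",
     "Query": "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE "
              "TargetInstance ISA 'Win32_PerfFormattedData_PerfOS_System' "
              "AND TargetInstance.SystemUpTime >= 300"},
    {"id": 20, "host": "WS-01", "Name": "UpdaterConsumer", "Type": "Command Line",
     "Destination": "powershell.exe -NoProfile -File <placeholder>"},
    {"id": 21, "host": "WS-01", "Filter": '__EventFilter.Name="UpdaterFilter"',
     "Consumer": 'CommandLineEventConsumer.Name="UpdaterConsumer"'},
    # Stock Windows subscription: writes to the event log, runs nothing.
    {"id": 19, "host": "WS-01", "Name": "SCM Event Log Filter",
     "Query": "select * from MSFT_SCMEventLogEvent"},
    {"id": 20, "host": "WS-01", "Name": "SCM Event Log Consumer", "Type": "NT Event Log"},
    {"id": 21, "host": "WS-01", "Filter": '__EventFilter.Name="SCM Event Log Filter"',
     "Consumer": 'NTEventLogEventConsumer.Name="SCM Event Log Consumer"'},
    # Binding whose filter and consumer were created before logging started.
    {"id": 21, "host": "WS-02", "Filter": '__EventFilter.Name="OldFilter"',
     "Consumer": 'ActiveScriptEventConsumer.Name="OldConsumer"'},
]

RUNS_CODE = re.compile(r"command\s*line|script", re.I)  # consumer types that execute
TIMED = re.compile(r"SystemUpTime|Win32_LocalTime|__TimerEvent", re.I)  # uptime/schedule

def ref_name(ref):
    """Pull the Name key out of a WMI object reference string."""
    m = re.search(r'Name="([^"]+)"', ref)
    return m.group(1) if m else ref

def find_wmi_persistence(events):
    """Join bindings to their filter and consumer; report the ones worth triage."""
    filters = {(e["host"], e["Name"]): e for e in events if e["id"] == 19}
    consumers = {(e["host"], e["Name"]): e for e in events if e["id"] == 20}
    findings = []
    for b in (e for e in events if e["id"] == 21):
        f = filters.get((b["host"], ref_name(b["Filter"])))
        c = consumers.get((b["host"], ref_name(b["Consumer"])))
        if f is None or c is None:
            # Cannot judge from logs alone: inspect root\subscription on the host.
            findings.append({"host": b["host"], "verdict": "incomplete",
                             "consumer": ref_name(b["Consumer"])})
        elif RUNS_CODE.search(c["Type"]):
            trigger = "uptime/schedule" if TIMED.search(f["Query"]) else "other"
            findings.append({"host": b["host"], "verdict": "executes-code",
                             "consumer": c["Name"], "trigger": trigger,
                             "command": c.get("Destination", "")})
    return findings
```
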


Bump for interest.

Inside job. Whistleblower set it up. How would a foreign agent even know the architecture of a well-secured system?

>well secured system

They are just presenting some random malware, and what they claim is a government hacking is actually phishing that occurs everywhere from everywhere. You could "prove" anything that way; it's like testing bills for cocaine and getting arrested for a positive (when it is known all money has coke traces in it).

>well-secured system
This was DNC, not NSA. I'm not convinced that it was the Russians though.

That's why I'm confused about it.
CrowdStrike was paid by the DNC to investigate this and used this as evidence that it was likely a Russian state agent, because regular hackers wouldn't have the resources/talents to do this.

It's pretty much the only real evidence I ever see posted

Here's the source
scmagazine.com/russian-hackers-access-trump-files-in-dnc-hack/article/529426/
Won't let me archive it

P@ssw0rd

>because regular hackers wouldn't have the resources/talents to do this
Yes they would. A single genius hacker is worth more than a dozen desk job losers, in dedication and understanding. That's why all the famous hackers get hired by agencies as soon as they finish prison.

In terms of computational resources, they can use as many compromised systems as they can infect.

>>What fucking hacker thinks "cozy bear" is edgy

F A K E
N
E
W
S

I'm inclined to agree with you
Especially considering that one group had access for months while the other was in for like a week, but they allege both are Russian actors

Why send in a second person to target the DNC if they already had access?

That's another rebuttal
Podesta's emails weren't leaked by these methods, even by their own admission

Apparently, this started before Trump sealed the nomination

>The New York Times recently ran a story that concluded while all signs point to Russia in the DNC and Podesta hacks, the Russians only wished to cause chaos and disrupt the political process in America and not elect Trump.
> It seems like all the attacks are being carried out against the Democrats and Hillary Clinton, so then how can you reach the conclusion that the Russians aren’t trying to elect Trump?

Many of these attacks were happening prior to the nomination of Trump.
Based on that theory, people believe that there was a general plan for disruption, and it may be the case now that the easiest and best way to do so is in the manner you speak, but these attacks did not just start happening post-Trump’s nomination.
So in that sense, there is a feeling that it’s not a very Trump-specific activity versus an election disruption activity.
This is the easiest way for them to disrupt the election.

Forgot source again
archive.is/s09qQ

Yeah, the DNC wasn't well secured and it probably has been compromised at multiple points. That said, whether these leaks came from any compromises remains to be established - i.e. it hasn't. No one has substantiated anything, and so far the better looking lead is Seth Rich and others handing the goods to WikiLeaks.

This

And no state-funded hacking agency will EVER name their virus with something that can be related to their own country. Speaking of the name, where exactly did they derive it from?

That's actually a label put on by CrowdStrike, because they were being cutesy and subtly implied Russia (Bear) and combined it with their actual names.

Sofacy == Fancy Bear
CozyDuke == Cozy Bear

There is still no evidence that links hackers to Russian intelligence agencies, much less that Putin was involved.

>they must be Russian because their names are both bear

I've been around this shit.

It was the fucking FBI. They have all types of malware that they employ. I even saw a crypto-locker type malware in order to hide evidence when the IT guy thought he found the source of the malware.

The issue with the Clintons is that FBI agents are check-mated by the Obama admin. That's why they had to use a 3rd party -- Wikileaks and others.

Otherwise, malware is big money and there are a lot of developers who do it in their free time for some extra cash (ad networks, corporate secrets, extortion).

IMO blaming Russia right away is pure ignorance about the black and grey IT markets.

It's an attempt to obfuscate. Anyone remember Guccifer 2.0? There's tons of disinformation being peddled.

Unlikely that the Russians would even want to be seen as a culprit and be stupid enough to leave a fingerprint.

Yeah, even the staunchest of advocates that Sofacy and CozyDuke are Russian agents never have a response to Guccifer2.0