undefined | Better HN

0 pointsarca_vorago8y ago0 comments

You are taking crowdstrike at their word. I don't. I see hearsay, I don't see any evidence. Just because a private company paid by the DNC says, "that's what we found", along with a few (advanced persistent threat) wordsalad, doesn't show us jack shit. On top of that, most of networking type guys know, especially with some of the more recent attribution-faking tool leaks, that attribution is not that fucking easy. So they have some cyrillic and some IP's in russia? Probability goes up, yes, but acting as if the question is answered and as if it's silly anyone questions it still is ridiculously intellectually dishonest. The DNC got caught being shady as shit if not illegal, and when they got caught, then lost the election, they turned the narrative against to Russia. It's like #3 in the classic machiavellian realpolitik media pr propaganda playbook. Crowdstrike has a lot of ties that make it's output even that much more questionable (the same report from anyone would get the same response, but their connections make them deserving of extra scrutiny.)

http://old.warisacrime.org/content/obamas-last-chance-face-d...

https://www.linkedin.com/pulse/crowdstrike-needs-address-har...

http://g-2.space/

https://www.opensecrets.org/orgs/summary.php?id=D000000801

https://www.opensecrets.org/orgs/summary.php?id=D000031277

https://www.welivesecurity.com/wp-content/uploads/2016/10/es...

https://i.imgur.com/O9z33Dq.png

C&C server IP Addresses 185.106.120.101 185.86.149.223 31.220.43.99 5.135.183.154 69.12.73.174 89.32.40.4 92.114.92.125 93.115.38.125 131.72.136.165 167.114.214.63 176.31.112.10 176.31.96.178 192.95.12.5 46.183.216.209 80.255.10.236 80.255.3.93 81.17.30.29 95.215.46.27

Netherlands, France, Canada, Latvia, Germany, Switzerland and Sweden, US, Bulgaria.

Notice an absence of a country?

Fun Bonus: All this reveals the corporate nature of parties!(that's their defense for not handing over the servers/drives.) Part of the corruption, both of them!

PS. I shouldn't have to point this out, but in this climate of hysteria I think it might be necessary. Just because there are technical doubts about the DNC-Russia story, doesn't mean those doubts can be used to deny or affirm any other possible US-Russia espionage issues such as collusion, coercion, etc.

0 comments

nl8y ago

What could possibly convince you?

We have a pretty well respected company saying "this is what we found", before anyone knew how important it would end up being.

The links you have posted appear to be a fairly random set of unrelated things that I guess are supposed to undermine the report, but to me they look.. unrelated?

The OpenSecret links aren't for CrowdStrike.

https://www.opensecrets.org/orgs/summary.php?id=D000000801 is for Warburg Pincus and shows are very even mix of Republican and Democratic recipients.

https://www.opensecrets.org/orgs/summary.php?id=D000031277 is for Accel Partners, and again shows an even spread, with the exception of a $176,580 donation to Right To Rise USA which is a Jeb Bush SuperPac.

The rest seem.. I don't even know what to say about them. https://i.imgur.com/O9z33Dq.png is just a ToC of report??

arca_voragoOP8y ago

>pretty well respected company

Not well respected, especially after their multiple past fuckups.

>fairly random set of unrelated things

VIPS report, relevant donation information of crowdstrike affiliated persons, a report from a third-party who crowdstrike allowed to look at data... not unrelated at all.

A start for transparency to relieve skepticism would be to release the data that shows the C&C ip's match past Russian affiliated attacks. That's what it boils down to, Crowdstrike claims that those ip's match a past or known group of Russian pivot servers, but haven't offered the data to verify this.

I have training in computer/network forensics. Do you?

sigmar8y ago

A few points:

>Not well respected

Did you criticize Crowdstike before the 2016 election? Because they're very highly regarded.

>You are taking crowdstrike at their word.

You don't have to trust Crowdstrike, as there are other organizations that did analysis. Most of my links were not from Crowdstrike.

The analyses do not rely solely on C&C IPs, and the fact that you keep harking on that makes me think you haven't read those links. There's lots of TTP and malware analysis.

>that's their defense for not handing over the servers/drives.

It is extremely common for groups to share imaged versions of a computer.

1 more reply

j / k navigate · click thread line to collapse