RE: Catching a hacker... how much does media play upon public ignorance?
Sure... writing software does not mean you used it to hack. You didn't make the web browser, but you're using it. You didn't make a word processor, but you probably use that.
That might have been your point.
As to hacking the FBI and such... if someone were doing that they would first hop through multiple countries, then come at the FBI. The internet does not actually work the way it is shown on TV and in movies, and tracing internet traffic is not at all like tracing phone calls. There is none of this "keep them using the server for another minute."
You literally have to contact the people controlling the servers (unless you've hacked them)... pull their logs to see where connections came from... that will give you the next hop. You then go to that server... get access... pull logs... and repeat.
If they are smart and one of those servers happens to be a TOR, or Onion Router then there are NO LOGS.
You cannot catch them without compromising enough of those and setting up a long term sting. You can't do it from looking at a few servers after the fact unless the hacker in question was a complete moron, or IF the information is planted to seem legit to the public who have very little clue on how this stuff works.
When dealing with certain agencies which don't necessarily follow rules of law then it's more you have to prove you didn't. If you are a Russian who created a tool which just happened to be used in the DNC hack then nothing is going to stop the NSA and others from targeting you. No one will be able to protect you, your privacy will be lost for the rest of your life, and whether you had something to do with it or not isn't going to matter.
In a dragnet it's guilt by association. You know the person who knew the terrorist? You made the tool which only serves the purpose of exploiting weaknesses in security, and you happen to be from the same country as the IP addresses connected to the hack?
Do you really think you could prove your innocence in that scenario to the NSA?
Oh, yes I am aware of that. That is exactly what they would do as well.
The purpose of my post was mainly to shed some light on the way this stuff actually works so that people that don't deal with it on a regular basis will have a better context to make comparisons when there is talk about so-called evidence.
I have no doubt the agencies will do what you said. That is how they usually work. It's like Windows being used for hacking a server, so they blame Bill Gates or someone at Microsoft. If they can get away with it and it fits with their desired outcome they will definitely do it.
It will be harder for them to get away with though if more people know when it is likely bullshit or not.
I accept that I do not have access to the information to form any strong opinion on these subjects. The people who have security clearances are giving mixed reactions and providing me with no evidence. Unless I have a security clearance I have no way to know if the Russian government had anything to do with the DNC hack even if the hack were done by Russian citizens or Russian IP addresses.
Basically if the evidence is classified we have no way to form a conclusion on incomplete information. We can form conspiracy theories until enough information is released that we can narrow down the likely scenarios. The only thing very likely is Russian hackers did it, but the links to Putin and other stuff we don't have evidence for yet.
Correct... yet as a person (me) who does deal with hackers on at least a monthly basis I can and am telling you the type of information that is transmitted over the internet.
So you have IP addresses and logs as possibilities if you get access to the server, but that IP address could be, and likely is, just the first HOP if the hacker has the slightest clue what they are doing.
The other thing you could have is testimony from someone in Russia that saw it, if those are strong testimonies.
You could also trace money if there was any exchange of money for the services.
The government hides TOO OFTEN behind things being classified these days.
I can think of no reason for this information to be classified. Not a single reason.
I don't buy into Appeal to Authority, and I know quite a lot about this aspect of security.
I do know if they are monitoring and trying to catch someone in the act, steps can be taken. After the fact though it doesn't really mean shit.
It'd be pretty easy to spoof and mock up IP address data, I can do that. Yet it won't prove who did it.
Hell, until about 20 years ago I could send email saying it came from the White House; I could even make it look like it came from Obama. They patched the issues with that... added a lot of security to lock that down.
Yet the rest of the internet was designed just as much without security as an issue on the basic IP traffic and doesn't really carry enough data to tell you everything you'd need to have to track someone after the fact.
I have similar knowledge to yours, but the point I make still stands. I recognize the limits to my knowledge and am aware of my own ignorance. I do not have access to the classified information necessary to form an opinion on what happened. It is, for lack of a better phrase, a case of "he said, she said."
Maybe if politicians weren't so willing to lie to us it would be easier but the fact is that there could be political motivations behind some of what they say in the media. So we have different hypotheses about what could have happened and you can come up with evidence to support them. My current opinion is that it is likely the hackers were Russian but it's unknown whether or not they were state sponsored or had anything to do with the Russian government.
When I see news articles which say Putin ordered it or which talk about sources with access to classified information leaking to the press it is very hard for me to know what is or isn't true under those circumstances. My own logic would conclude that it is very likely that hackers made a mistake and the IP address or other information such as the tools used could link them to Russia. It doesn't from that information alone mean anything else.
Your hypothesis makes sense. So does the hypothesis of the other side who claim the Russian government authorized it. But unless I personally have access to the classified information or they release a declassified document so I can see with my own eyes there is no basis for me to form a strong opinion. My official stance is I do not form strong opinions with incomplete information.
I can respect that. I more or less agree with you. My doubts mainly form from a few things.
As far as Tor goes, I don't think Tor is as anonymous as people think. I'll go on record and say I do not think Tor can protect a hacker from the capabilities of the NSA or from the FBI. Too much can go wrong in the hardware and software even if Tor were implemented perfectly. By design Tor is also flawed because it is vulnerable to stings and other attacks.
It is not perfect. It can be compromised but you need to plan for it. That is why I say a sting. You have to catch them in the act.
It cannot be done AFTER THE FACT like would be the case with these so-called Russian hacks.
I suspect it is being monitored continuously by the NSA and many other agencies. I also suspect many hackers who even download Tor from the official website are under some kind of monitoring just based on that. Of course I cannot prove anything I say so take it with a grain of salt.
Also, TOR was just an example. TOR is just one networking stack designed not to keep logs, and to strip identifying information if possible from packets (it may not even do that). It is totally possible to roll your own stack and build your own anonymizer if you compromise a machine with root access. You'd have to know what you are doing, but it is doable. So TOR is the most common and well known, but it does not use specialized hardware; it just uses techniques developed by that community, working on THEIR agreed standard.
I am not saying this happened. I am merely expressing it as an option.
In reality if it were a Russian citizen hacker they would probably use TOR. If it was a Russian State hacker and they were good I doubt they would. That is total speculation. That is all we can really do without access to information.
Yet I also do not believe this should be pushed like it is in the news PUBLICLY if it is classified.
It is then stirring up hostility and conflict with the only thing backing it being "trust us because we say it is the case" by entities that have proven untrustworthy.
The way you counteract it is by monitoring packets at various points around the world. If you can find the same pattern at different points and monitor it traveling for a bit you can use that to eventually identify entry and exit points from TOR.
Then you have to go through the process of talking to server admins, getting access to logs, etc.
There is no simple TRACE THIS ACTIVITY back to its origin unless you have compromised every hop between point A and B and know to be looking for it.
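The hop-by-hop procedure described in this thread (pull one server's logs, find the inbound connection, move to its source, repeat) written out as an added example; it is not code from anyone in the thread. The server logs, addresses and timestamps are constructed, and the function `trace_back` is assumed for illustration. It shows the two ways the trace stops that the posts talk about: a hop with no logs available, and a time window in which more than one source fits.

```python
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed sample data (addresses are from the RFC 5737 documentation
# ranges). Each server's log is a list of (timestamp, source_ip) for inbound
# sessions it recorded. 192.0.2.44 keeps no logs, standing in for a relay
# that retains nothing (the Tor case from the thread).
LOGS: Dict[str, List[Tuple[str, str]]] = {
    "203.0.113.10": [("2016-06-14T02:58:00Z", "203.0.113.55"),   # victim
                     ("2016-06-14T03:01:05Z", "198.51.100.7")],
    "198.51.100.7": [("2016-06-14T02:59:58Z", "192.0.2.44")],     # first hop
    # "192.0.2.44": no logs retained, so the chain cannot continue past it
}

def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def trace_back(victim: str, when: str, logs: Dict[str, List[Tuple[str, str]]],
               window: int = 120) -> Tuple[List[str], str]:
    """Follow inbound connections backwards, one server at a time.

    Returns the chain of hops found (victim first) and why the trace stopped:
    'no_logs'   - the next hop has no logs (none kept, or no access to them)
    'ambiguous' - several different sources connected inside the window
    'dead_end'  - nothing connected inside the window
    'loop'      - the chain revisits a server already in it
    """
    chain = [victim]
    t = _ts(when)  # time the activity was observed on the current server
    while True:
        current = chain[-1]
        if current not in logs:
            return chain, "no_logs"
        # Candidate previous hops: inbound sessions opened at most `window`
        # seconds before the activity seen on this server.
        cands = [(ts, src) for ts, src in logs[current]
                 if 0 <= (t - _ts(ts)).total_seconds() <= window]
        if not cands:
            return chain, "dead_end"
        if len({src for _, src in cands}) > 1:
            return chain, "ambiguous"
        ts, src = max(cands)  # latest matching session from that source
        if src in chain:
            return chain, "loop"
        chain.append(src)
        t = _ts(ts)  # the next server's logs are searched around this time
```

With the default two-minute window the trace reaches the relay and stops with `no_logs`; widening the window to five minutes makes the victim's log ambiguous, which is the "several candidates, go back to the admins" situation rather than a result.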