CIA Leak: "Russian Election
Hackers" May Work In Langley
By Moon Of Alabama
March 08,
2017 "Information
Clearing House"
- "Moon
Of Alabama"
- Attribution of cyber-intrusions and attacks is
nearly impossible. A well executed attack can not be
traced back to its culprit. If there are some trails
that seem attributable one should be very cautions
following them. They are likely faked.
Hundreds if
not thousands of reports show that this lesson has
not been learned. Any attack is attributed to one of
a handful of declared "enemies" without any evidence
that would prove their actual involvement. Examples:
In
June 2016 we warned
The Next "Russian Government Cyber Attack" May Be A
Gulf of Tonkin Fake:
All one
might see in a [cyber-]breach, if anything, is
some pattern of action that may seem typical for
one adversary. But anyone else can imitate such
a pattern as soon as it is known. That is why
there is NEVER a clear attribution
in such cases. Anyone claiming otherwise is
lying or has no idea what s/he is speaking of.
There is
now public proof that this lecture in basic IT
forensic is correct.
Wikileaks
acquired
and published a
large stash of documents from the CIA's internal
hacking organization. Part of the CIA hacking
organization is a subgroup named
UMBRAGE:
The CIA's
Remote Devices Branch's
UMBRAGE group
collects and maintains
a substantial library
of attack techniques 'stolen' from
malware produced in other states including the
Russian Federation.
With UMBRAGE and related projects the CIA cannot
only increase its total number of attack types
but also misdirect
attribution by leaving behind the "fingerprints"
of the groups that the attack techniques were
stolen from.
UMBRAGE
components cover keyloggers, password
collection, webcam capture, data destruction,
persistence, privilege escalation, stealth,
anti-virus (PSP) avoidance and survey
techniques.
Hacking methods are seldom newly developed. They are
taken from public examples and malware, from attacks
some other organization once committed, they get
bought and sold by commercial entities. Many attacks
use
a recombined mix of
tools from older hacks. Once the NSA's STUXNET
attack on Iran became public the tools used in it
were copied and modified by other such services as
well as by commercial hackers. Any new breach that
may look like STUXNET could be done by anyone with
the appropriate knowledge. To assert that the NSA
must have done the new attack just because the NSA
did STUXNET would be stupid.
The CIA, as
well as other services, have whole databases of such
'stolen' tools. They may combine them in a way that
looks attributable to China, compile the source code
at local office time in Beijing or "forget to
remove" the name of some famous Chinese emperor in
the code. The CIA could use this to fake a "Chinese
hacking attack" on South Korea to raise fear of
China and to, in the end, sell more U.S. weapons.
|
Break
Free From The Matrix
|
Russia did
not hack and leak the DNC emails, Iran did not hack
American casinos and North Korea did not hack Sony.
As we
wrote: "there is NEVER a clear attribution". Don't
fall for it when someone tries to sell one.
(PS: There
is a lot more in the new Wikileaks CIA stash. It
seems indeed bigger than the few items published
from the Snowden NSA leak.)
The
views expressed in this article are solely those of the author and do not necessarily
reflect the opinions of Information Clearing
House.
|
