Cyber: the DNC Hack

The DNC maintains a creepily-lighted shrine with their locked Watergate file cabinet and their unsecured, formerly internet-connected server. Not the same thing, genius.

There’s been a lot of noise about the Russians and the DNC hack — mostly, it’s Democrats and the press (but we repeat ourselves) trying to delegitimize the incoming administration, and mostly, it’s been conducted through the F-6 sources of press reports with anonymous sole sources, like the Washington Post report that the Post and its political fellow travelers call “the CIA report,” while actually it’s a sole anonymous source telling the Post what the CIA supposedly said. (The Post, you may remember, used a [probably nonexistent] sole anonymous source, without plausible access, to tell the story of “Jessica Lynch, Amazon woman.” The author of that piece, Dana Priest, has never admitted fabricating the story but never produced a source, either, leading to the inescapable conclusion that Priest fabricated the story. She has never been held accountable.)

An interesting dynamic happened in 2015. The FBI warned both parties that they were under attack. According to then-RNC head Reince Priebus on Meet The Democratic Press, the RNC then invited the FBI to work with its own geeks to secure the RNC servers, and the Republicans were not hacked.

According to the Times, the Democrats dumped the FBI call to a low-ranking, unskilled contractor — then they left him on his own to handle it. They left their server unsecure. Result, compromise.

When Special Agent Adrian Hawkins of the Federal Bureau of Investigation called the Democratic National Committee in September 2015 to pass along some troubling news about its computer network, he was transferred, naturally, to the help desk.

His message was brief, if alarming. At least one computer system belonging to the D.N.C. had been compromised by hackers federal investigators had named “the Dukes,” a cyberespionage team linked to the Russian government.

Yared Tamene, the tech-support contractor at the D.N.C. who fielded the call, was no expert in cyberattacks.

OK, so what did he do, like a good DC Millennial? You got it, he googled, and then resumed slacking off.

His first moves were to check Google for “the Dukes” and conduct a cursory search of the D.N.C. computer system logs to look for hints of such a cyberintrusion.

No, serious slacking off.

By his own account, he did not look too hard even after Special Agent Hawkins called back repeatedly over the next several weeks — in part because he wasn’t certain the caller was a real F.B.I. agent and not an impostor.

“Like, how do I, like, know you’re a like real FBI agent, doooood? That’s what I tell girls in bars myself.” Again, this loser is supposedly their cyber-D contractor. You know how to find out if somebody’s really from FBI? Ask for a meeting at the Field Office. Hey, even if you’re a plush-bottomed cyber Weeble unwilling to leave your Aeron chair, you can ask them to send you something from fbi.gov, and then check the headers to see if the address is forged. (If you don’t know how to forge a header and how to spot a forged header, you have no business within grenade range of a mail server).
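One way to do the header check described above, as an added example that is not from the original post: it trusts only the Authentication-Results header stamped by your own inbound mail server and ignores any the sender supplied. The domains, the authserv-id and both sample messages are constructed; agency.example stands in for the domain the caller claims.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the authserv-id your own inbound mail server stamps on mail it
# has checked. Results stamped by any other host are sender-controlled text.
TRUSTED_AUTHSERV = "mx.recipient.example"
EXPECTED_DOMAIN = "agency.example"  # stand-in for the domain the caller claims

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To style header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def in_domain(domain, expected):
    """True for the expected domain itself or one of its subdomains."""
    return domain == expected or domain.endswith("." + expected)

def trusted_auth_results(msg, trusted=TRUSTED_AUTHSERV):
    """spf/dkim/dmarc verdicts from the topmost header our own server added."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        fields = authserv.split()
        if fields and fields[0].lower() == trusted:
            found = re.findall(r"\b(spf|dkim|dmarc)\s*=\s*(\w+)", rest, re.I)
            return {method.lower(): result.lower() for method, result in found}
    return {}

def assess(raw, expected=EXPECTED_DOMAIN):
    """Compare the visible From address with what our own server verified."""
    msg = message_from_string(raw)
    auth = trusted_auth_results(msg)
    findings = []
    from_dom = domain_of(msg["From"])
    if not in_domain(from_dom, expected):
        findings.append(f"from-domain={from_dom or 'missing'}")
    if not auth:
        findings.append("no-trusted-authentication-results")
    elif auth.get("dmarc") != "pass":
        findings.append(f"dmarc={auth.get('dmarc', 'missing')}")
    # A Reply-To outside the claimed domain sends your answer somewhere else.
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and not in_domain(reply_dom, expected):
        findings.append(f"reply-to-domain={reply_dom}")
    return {"verdict": "suspect" if findings else "consistent",
            "auth": auth, "findings": findings}

# Constructed sample: From address backed by a DMARC pass from our own server.
GENUINE = """\
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=agency.example; dkim=pass header.d=agency.example; dmarc=pass header.from=agency.example
From: "Special Agent" <agent@agency.example>
To: helpdesk@recipient.example
Subject: Confirming our call

(constructed sample body)
"""

# Constructed sample: same From address, but our server recorded a DMARC fail.
# The second Authentication-Results line came with the message and is ignored.
FORGED = """\
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=bulk.example; dkim=none; dmarc=fail header.from=agency.example
Authentication-Results: mail.agency.example; spf=pass; dkim=pass; dmarc=pass
From: "Special Agent" <agent@agency.example>
Reply-To: agent.desk@freemail.example
To: helpdesk@recipient.example
Subject: Confirming our call

(constructed sample body)
"""

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, assess(raw))
```

A "consistent" verdict only says the message passed the domain's published authentication policy at your own server; it does not identify the person who wrote it.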

From there, the Times story collapses into, mostly, the same unsourced stuff in the Post stories. If these guys make something up and repeat it to each other, they call that “corroboration.” That’s not how intelligence works.

It does come back to the tale of the incompetent Tamene and his incompetent 30-something supervisor, Andrew Brown. Tamene ran some over the counter tools — the DNC was not running an IDS, Intrusion Detection System — and thereafter decided that the FBI guy was a phony, lacking Tamene’s great wealth of knowledge, and wrote a couple of CYA memos, and quit taking calls.

Mr. Tamene’s initial scan of the D.N.C. system — using his less-than-optimal tools and incomplete targeting information from the F.B.I. — found nothing. So when Special Agent Hawkins called repeatedly in October, leaving voice mail messages for Mr. Tamene, urging him to call back, “I did not return his calls, as I had nothing to report,” Mr. Tamene explained in his memo.

In November, Special Agent Hawkins called with more ominous news. A D.N.C. computer was “calling home, where home meant Russia,” Mr. Tamene’s memo says, referring to software sending information to Moscow. “SA Hawkins added that the F.B.I. thinks that this calling home behavior could be the result of a state-sponsored attack.”

There are some Democrats quoted by name, generally about the bad feelz that resulted when their misconduct, lying, or biting the hands that fed them got aired in public.

For the people whose emails were stolen, this new form of political sabotage has left a trail of shock and professional damage. Neera Tanden, president of the Center for American Progress and a key Clinton supporter, recalls walking into the busy Clinton transition offices, humiliated to see her face on television screens as pundits discussed a leaked email in which she had called Mrs. Clinton’s instincts “suboptimal.”

“It was just a sucker punch to the gut every day,” Ms. Tanden said. “It was the worst professional experience of my life.”

Well, you should probably either work for people you can say positive things about, or take care to stifle your impulses to criticize your lords and masters. Because anything put in writing is at the mercy of anyone who finds it. And anything put on an unsecured server — and from Hawkins’s phone call, the DNC knew they were unsecure, and they kept writing the sort of two-faced stuff they’re now angry about seeing in print.

Bear in mind that no fewer than five New York Times reporters were exposed in Wikileaks, coordinating their stories with the DNC or the Clinton campaign; and one non-Times hack, Glenn Thrush of Politico, who repeatedly gave Democrats the chance to shape his reporting, was hired as a Times hack as of this week. That’s what they’re looking for — partisan subservience. They seem to believe they have a right to collude, lie and slant their stories, and the people who exposed them (even if they’re Russians) are the only villains. Had the US lost the Cold War, every one of those would be licking the boots of their masters in the Soviet Ministry of Propaganda. If they didn’t aim higher than boots. (Hell, those who were old enough to be around pre-1991 probably spent the 70s and 80s doing it already).

Update

A British associate of Julian Assange says that it was not a hack, it was two separate insider leaks. Reported at ZeroHedge:

Update: David Swanson interviewed [Briton Craig] Murray today, and obtained additional information. Specifically, Murray told Swanson that: (1) there were two American leakers … one for the emails of the Democratic National Committee and one for the emails of top Clinton aide John Podesta; (2) Murray met one of those leakers; and (3) both leakers are American insiders with the NSA and/or the DNC, with no known connections to Russia.

The US Intelligence services consider Assange to be under Russian control, so it’s anybody’s guess whether Murray’s statement is a Russian smokescreen, or absolute truth, and whether or not the leaker(s) exist. The effort to find them itself has risks — an organization can be rendered ineffective completely by a mole hunt. Where does security consciousness end, and paranoia begin? And don’t even paranoids have real enemies?

For your consideration: Russian cyber operators are laughing their asses off at the USA right now — whether or not they had anything to do with the hack, it’s a win for them.

35 thoughts on “Cyber: the DNC Hack”

  1. Dave

    And as I recall, the DNC has not disputed the accuracy of the e-mails, only that they got caught. Then they wonder why they lost the election.

    1. 11B-Mailclerk

      They will speak about -anything- but the details of the content.

      If they are questioning the veracity, it is limited to “False, because Russians!”

    2. Aesop

      Precisely.
      But “Russian hack reveals truth about DNC” isn’t quite as sexy a headline as “Russians throw election by hacking DNC”.

      QED

      And the American people owe the Russians a couple of cases of the best vodka money can buy.

  2. Haxo Angmark

    Seth what’s-iz-name…the one who got a lead lozenge to the back of the head. A Sanders supporter, angry at the way the nomination was rigged for Hillary. He (was) the DNC leak. Either directly, or by giving up passwords via a phish. John “wet work” Podesta – in between pizzas – plugged the leak, but too late.

  3. Tom Stone

    Dave, they have not disputed any of the Emails and won’t because they are the real deal.
    I’m glad to see Hognose’s update, it seems very likely to me that Murray’s and Assange’s assertion that the emails came from a leak are accurate, at least as far as they know.
    As far as Russia hacking the DNC, you betcha.
    Podesta’s password was P@ssword and I’d be very surprised if the system wasn’t hacked by every nation state with an interest, possibly barring Zimbabwe.
    As far as who hacked HRC’s private server, everyone with an interest, almost certainly including Zimbabwe.
    I caught a few moments of 60 minutes driving today, “Russia Hacked the election!!!”
    I seem to recall Putin getting upset about US hacking of an election in 2011….Maidan?

    1. Y.

      Podesta’s password was P@ssword

      Please tell me you made that up. Pretty please.

      That can’t be true.

      :(

  4. Stephen McEwan

    Interesting to see that conservatives are taking Trump’s approach to the Russians – on your knees, with your mouth open.

    1. Chris W.

      Stephen McEwan, I think you’re on the wrong site – I believe you are looking for The Washington Post, Politico, or one of the many left-leaning Internet sites that cater to liberals. On THIS blog, we don’t attack each other like the multitude of offensive left and right leaning sites on the Internet. As an assurance that Hognose will be aware of your post, I’ll include this link:

      http://dailycaller.com/2016/12/13/a-clinton-campaign-aides-typo-allowed-hackers-to-access-john-podestas-email-account/

      Seems like Podesta is the one with something OPEN…

  5. Bon

    I love how all the media can talk about is the hack but refuse to talk about what was in the emails and maybe talk about how those two faced dnc high ups got caught setting the fix for Hrc. But no all they care about is Russians!

  6. Quill_&_Blade

    Hi, tin foil guy here, I was wondering if the first reaction by the DNC ‘security’ guy was that he did believe it was the FBI; but that he didn’t want them snooping around. Anyway, this is the third article I’ve read about this. The first is by a guy named Simon Black, says he used to work in intelligence. His piece is about “Fuzzy Bear” and “Fancy Bear” phishing software.
    https://www.sovereignman.com/trends/former-intelligence-officer-on-the-bogus-russian-hack-20578/?inf_contact_key=b03124cadf529331e65023e1a86b9c3c3d93c0644bd6884eda7f309934fe59de
    The second article was at Russia Insider, which claims (IIRC) that it had to be a leak, because Snowden revealed that every data transmission in or out of the country is known; and that if there was evidence, it would have been proven. I don’t know about this security business, but at least during the Cuban Missile Crisis, there was evidence presented.
    My take on the MSM:

    1. Toastrider

      Hell, I think that’s insulting to the Enquirer.

      Remember, the Enquirer got the goods on John Edwards knocking up his campaign staffer, and torpedoed his presidential aspirations pretty much permanently.

      1. Quill_&_Blade

        Guess I need to actually read it once in awhile. I remember them for hard to resist cover stories; like “UFO lands on white house lawn, abducts Monica” or “man shoots 24 inch long grasshopper on his ranch”. Don’t quote me on those, but it’s not like it will hurt sales if I’m wrong.

        1. John M.

          The Enquirer is more of a celebrity gossip rag than it is a weird made-up news rag. Weekly World News had the “Bat Boy” and “UFO Lands..” racket sewn up for a while, but I think even they couldn’t compete with the weird news on the internet.

          -John M.

          1. staghounds

            Whenever there’s a story in a national medium- network news, NYT, LAT, CNN- that I personally know anything about, there’s a factual error about a third of the time- they get a name or location wrong, or a more serious error.

            The one exception is the Enquirer- they have never written a story that I knew was wrong.

            If I had to bet my own real money on a news outlet being right, it would be on the Enquirer.

  7. robroysimmons

    The Left has the mind of a woman if you have to game their actions / reactions think of a stressed or even crazy woman and you will be in the ballpark. Even the kids in the IT department were more worried about their standing in the social hierarchy than the job at hand

  8. John M.

    So, the last memo I have on the subject is that questioning the outcome of the US Presidential election was the worst thing that had ever happened in the history of history. Like worse than poisoning Socrates.

    So unless I get something else from the head office, I’m going to continue to go with that. Then again, there might be a newer email on the subject. My email hasn’t worked since that helpful Russian guy called me to help with a password problem.

    But jokes aside, I would consider it entirely plausible that there was Russian hacking and that there were one or more insider leaks. Insider leaks would be a nice way for the Russians to cover their tracks, and it’s not impossible that both happened independently.

    -John M.

    1. Chris W.

      I concur John. A multi-pronged attack is something that would be very desirable, especially in IT circles. I’m sure that Hognose would be able to enlighten us on the SF aspect of this particular tactic, but I believe that it is well known that aside from a frontal attack, a pincer movement and flanking attacks are beneficial in most circumstances to the attacker.

      I personally am heavily invested in the cybersecurity arena (and I don’t mean stocks). Having been (Director of Operations) responsible for the data security of dozens of companies simultaneously and having seen what happens when advice is ignored, I can attest that ignorance of professional advice can have far-reaching, negative results. I’m currently in a position where I’m responsible for power/water distribution for an area where loss of services would undoubtedly result in multiple fatalities. This is no joke when you’re dealing with our infrastructure, and the DNC simply did not hire personnel that were up to the task. I don’t blame the Russians/Cubans/Venezuelans/Martians for this attack, we’re under CONSTANT attack. Hell, talk to anyone in Military Cybersecurity and they’ll tell you the same. I attended a seminar years ago from an Air Force IT specialist that spoke about the volume of attacks their particular base came under, and it is spectacular that our military can even communicate at times due to the sheer volume of attacks!

      If you don’t hire competent people to perform a task, expect less than optimal performance on said task.

      Our corporations should embrace this mantra when they consider outsourcing jobs. DNC, I’m a speakin’ to you! (just as the most obvious example) – hell, see Yahoo mail recently :)

    2. Chris W.

      If this is a dupe message, please forgive as the blog didn’t show my reply.

      1. Hognose Post author

        If a message exceeds some arbitrary length or contains a link, it gets sent to moderation purgatory until I notice it’s in there. Sorry ’bout that!

      2. John M.

        I’m not even convinced it had to have been a multi-pronged attack. While that wouldn’t be surprising for the Russians given my limited knowledge of spycraft, I’d consider it just as likely that one or two people at the DNC could have leaked this stuff to Wikileaks for any one or more of the following reasons:
        -Hillary Berned Bernie
        -Hillary is an unusually unpleasant person to work for
        -Hillary is obviously just peddling Leftism for personal remuneration, and is insufficiently committed to The Cause
        -Podesta/other campaign high-ups are jackwagons
        -Money
        -Girls/Boys

        -John M.

        1. Hognose Post author

          Handy acronym for analysis of intelligence recruiting / counterintelligence mole hunting: MICER

          M ONEY
          I DEOLOGY
          C OMPROMISE
          E GO
          R EVENGE

          Professional agent handlers know how to put multiple hooks into an agent — for example, compromising an ideological or ego agent, or getting a revenge agent hooked on your money (which is also a de facto compromise: “You want to stop spying for us? Well, if we were angry with you, who knows where copies of those receipts you signed might turn up?”).

  9. LSWCHP

    I also have an interest in military cyber security, and I can confirm that attacks are regular, varied and subtle.

    Honestly, my flabber is gasted after reading this story. Incompetence and hubris of this magnitude is well above and beyond the call of duty, and actually requires a special gift.

    This story alone is evidence, if any more is needed, that Clinton and her repulsive toadies weren’t fit to run your country. November 8 was a great day in American history. Y’all dodged a bullet, along with the rest of the world.

    1. Mike_C

      >This story alone is evidence, if any more is needed, that Clinton and her repulsive toadies weren’t fit to run your country.
      Exactly! The lack of self-awareness in pushing this/these tale/s astounds me.

      As to
      > worse than poisoning Socrates.
      If you mean that trying then allowing Socrates to martyr himself for the ages was a tactical error, yes, the Athenians did a bad thing. Shoulda just exiled that barefoot, tyranny-of-the-elite-agitating (as in those who consider themselves intellectually elite), Occupy Athens layabout. (No wonder Xanthippe was such a bitch. Stuck with a guy like that would turn anyone into a bitter wretch.) Ever notice that Socrates’ “Philosopher Kings” schtick is weirdly resonant with the modern Left’s soi disant intellectuals who are simultaneously wetting their pants and furiously masturbating (sorry for the mental image) over how this recent presidential election just goes to show that the average American can’t be trusted with the franchise? “Why, if only we could limit the vote to those with the proper training and background (cough, Ivy, Berkeley, cough) how much better off those poor ignorant bitter clingers would be. They don’t know what’s good for them. That’s why they must be led by those few of us who know better. Even if it requires having public and private positions.”

      Heck, no less a person than (noted leftist) I.F. Stone concluded that Socrates had it coming. (Incidentally, have a look at the Wikipedia entry on Izzy Stone. It’s such a figurative tongue-bath that I feel the need for gallons of Purell (TM) just having read it; the salivary splatter came right through the intertubes and out this monitor. Ech. That Stone hagiography was nearly as embarrassing as all the “No, let me praise Socrates!” stuff in Plato’s various accounts.)

      Not that I have strong feelings about this.

      1. John M.

        Power in a democracy does not reside with The People. It never has. Power in a democracy resides with those who tell the people what to think. This is why the people who tell others what to think in our democracy are almost uniformly Leftist in orientation: There’s no power or margin for them in responsible government. That’s why the people who tell others what to think in our democracy are losing their ever-loving minds over Trump’s election: They told The People what to think, and The People didn’t listen to them.

        The way elites rule in a democracy is uniquely dysfunctional compared to how the elites rule in systems where elites actually rule. Please don’t confuse the two. And don’t be fooled into thinking that any serious civilization has been ruled by anything other than an elite.

        -John M.

        1. Mike_C

          I have surprisingly little problem with an elite that actually, a) has some superior ability and the self-discipline to apply it usefully, b) understands that loyalty must be bidirectional. But, to quote IIRC Heinlein, “the supply of Bernadottes is limited.”

          As to The People, I commend to you Kipling’s “MacDonough’s Song”.
          […]
          Whether The People be led by The Lord,
          Or lured by the loudest throat:
          If it be quicker to die by the sword
          Or cheaper to die by vote–
          These are things we have dealt with once,
          (And they will not rise from their grave)
          For Holy People, however it runs,
          Endeth in wholly Slave.

          Whatsoever, for any cause,
          Seeketh to take or give
          Power above or beyond the Laws,
          Suffer it not to live!
          Holy State or Holy King–
          Or Holy People’s Will–
          Have no truck with the senseless thing.
          Order the guns and kill!
          […]

          That second stanza there is seeming alarmingly relevant these days.

          1. Hognose Post author

            Funny, he’s completely deprecated in the modern English Lit canon. But then, so is Shakespeare. I have had more than one professor mention a disdain for one or the other, that she (regardless of preferred pronoun, Eng Lit profs are all shes) clearly hadn’t read. One can often make their heads explode by quoting Victorian poetry from memory, which none of them can do with anything, beyond the first stanza. For the rest of the evening they sidle to the corner of the party across from you!

    2. Hognose Post author

      They actually got into Podesta’s mail by spearphishing not him, but one of his guys, with a link to change his password. The ass-kissing flunky forwarded the email to Podesta, and he duly changed his password — on the persistent threat’s server.

      1. Boat Guy

        The “Smartest Woman” EVAR and her amazing crew..,
        We didn’t dodge a bullet; we dodged a Regimental volley…

  10. Aesop

    DNC carpet-bomb hacked by h.s.-level Russian phishing?
    Pardon me for asking, but
    What difference, at this point, does it make?

    Chickens. Roost. No assembly required.

  11. staghounds

    Here’s what I don’t understand, and I’d like to ask our masters in the media about.

    It appears from your stories that you believe that some Russians found and revealed genuine internal DNC emails that embarrassed the Democrats, and which may have influenced some voters away from them.

    You call this “hacking” the election.

    Aren’t voters supposed to make their decisions based on truth and facts? Shouldn’t the people have ALL the facts, no matter their source?

    Isn’t it YOUR OWN MISSION to reveal the unpleasant secrets of the powerful so that we know them? Don’t you have a First Amendment jurisprudence which is designed exactly to protect you when you use anonymous, or even criminal, sources to get and publish information? Don’t you have special schools to teach that it’s your sacred DUTY to reveal the inner workings of important institutions, so the voters can make informed decisions?

    Why weren’t publicising the GMA tape or Trump’s tax returns “hacking” the election? Were the sources who first presented other great, politics-altering stories vetted for purity of motive first? Why weren’t the coverage of Watergate or Iran-Contra “hacking”?

    If Castro had sent you the RNC’s and Donald Trump’s emails, would you have sat on them because they came from a bad man who wanted to influence the election?

    Are you angry because Assange did your job and made you seem irrelevant?

    Or might the truth have hurt your team and you’re furious that we learned it?

  12. James

    Most of you guys are dead on. Though the Republicans pushing this are every bit as bad as the Dems and Press. The same turds keep floating to the top: Graham, Ryan, and McCain, some of the same people most opposed to Trump. It’s sheer stupidity to think that anyone and everyone isn’t actively hacking any and every system that has anything to do with Government, and that we don’t do the same to them. Of course they try to use any information they get to their favor, just like we do. Do you honestly think we don’t try to influence elections?

    I honestly don’t care whether it was hacked or leaked. In fact their squealing about it being hacked information pretty much guaranteed that it is true. Nothing there can be denied once you admit it came from you.
