
[This comment is a continuation from a previous comment. Please read that one before reading this one]

[... continued]

[a] is to a Twitter post, itself a reply to a now-deleted Twitter post. It's a person looking for clarification from the now-deleted OP! This is "one of the strongest pieces of evidence" that Vice (and yourself, apparently?) can muster, and it's a Twitter reply, seeking clarification, from a deleted tweet.

[b] is a German-language report from BfV about, as far as I can tell, Russian cyber attacks on Germany, and not relevant to the DNC attack.

[c] an article about the Russian attack on the German bundestag and the German response. Not relevant to the DNC attack.

[d] is to the same thread as in [a], the fellow looking for clarification from the now-deleted OP.

Why would Vice provide so many links to only peripherally related material? Why didn't it link directly to [2]? The author must have seen it, and it far more supports the assertion than [a]-[d].

Could it be to bolster the appearance of overwhelming evidence when there actually is very little?

Let's evaluate that actual claim itself, the strongest evidence: "a reused command-and-control address—176.31.112[.]10—that was hard coded in a piece of malware found both in the German parliament as well as on the DNC's servers"

First, from the Bundestag report [2]:

"While attribution of malware attacks is rarely simple or conclusive, during the course of this investigation I uncovered evidence that suggests the attacker might be affiliated with the state-sponsored group known as Sofacy Group (also known as APT28 or Operation Pawn Storm). Although we are unable to provide details in support of such attribution, previous work by security vendor FireEye [i] suggests the group might be of Russian origin, however no evidence allows to tie the attacks to governments of any particular country." (emph. mine)

[i] https://www.fireeye.com/content/dam/fireeye-www/global/en/cu...

The researcher is much less certain that the attack was from Russia than Vice is, apparently. Cannot provide details, literally says "no evidence allows to tie the attacks to governments of any particular country"

From [i] "SOURFACE: This downloader is typically called Sofacy within the cyber security community. However because we have observed the name “Sofacy” used to refer to APT28 malware generally (to include the SOURFACE dropper, EVILTOSS, CHOPSTICK, and the credential harvester OLDBAIT), we are using the name SOURFACE to precisely refer to a specific downloader."

This is the only mention of Sofacy in the entire report, which goes on to link SOURFACE to Russia. The link to Russia, and it's a fair point, is that SOURFACE has been deployed in niche situations that support Russian interests. So SOURFACE is Russian. Russian state? Perhaps.

The evidence is even more tenuous: The FireEye report links Russia to SOURFACE, a piece of malware, and not Sofacy. But let's grant it. SOURFACE is Russian State, and we now know that Russia engages in cyber attacks.

What about "the strongest piece of evidence", that hard-coded C&C IP address `176.31.112[.]10`? I'm not rejecting the evidence, but am going to push back on it. I don't know enough to evaluate this claim: "Those servers were dead at the time, so at best these would be leftover artifacts, not in-use infrastructure" [3]

Is it not possible that the Bundestag attack and DNC servers were attacked by script kiddies, using outdated malware? I have a feeling the Bundestag researcher [2] would shrug and say "It's possible". Not Vice though.

If "those servers were dead at the time" is true, it wouldn't just be misdirection from Russian state actors, it would bespeak profound incompetence. It might even be evidence against Russian state actors at least, in these cases.

Why do I give a shit? Why spend an hour and a half writing this already too-long response, evaluating what's turning out not to be the hard evidence I asked for?

Remember: the original claim is that the DNC was definitely attacked by Russia, that Russia helped Trump to win with both the collusion of the Trump campaign and WikiLeaks. In support of this claim were quotes from anonymous sources and a baffling maze of links designed to obfuscate the fact that it's far from definite.

Because of this dubious claim (again presented as definitely proven without a doubt):

* The legitimacy of the Office of the Presidency has been destabilized. I don't think most Americans understand how dangerous this is. It's more dangerous than an actual terrible, shitty President. It's more dangerous than Pol Pot himself being elected President, because checks and balances would rein in a genocidal maniac's worst impulses. Once that legitimacy is destabilized, all bets are off: peaceful transfer of power is destabilized and all hell breaks loose. The stability and prosperity that Americans have enjoyed for 150 years becomes civil war, strongmen, competing Presidents, ruin. This is not within living American experience, so people can be cavalier about saying "I know the President is a Russian asset" and then pass off a maze of nonsense as "proof". I don't get it, I really don't.

* With respect to Julian Assange, the erstwhile leader of WikiLeaks, the rule of law and inalienable human rights are being egregiously violated, with the encouragement of rank-and-file Democrats, because of this dubious claim that WikiLeaks colluded with Russia to get Trump elected. If it can happen to Assange, it can happen to any journalist, if the accusation is terrible enough. If it can happen to any journalist, it can happen to anyone.

I really do want to see the strongest evidence, not get worn down by looking at Twitter feeds and irrelevant German-language reports and such.

So, please, for the love of everything you care about, don't make me dig through a flood of nonsense to find that one gem of [2] with falsifiable information. Link directly to the report, the strongest piece of evidence, if you can. Please, supply one link. If you keep flooding me with a maze of links, that will take me hours and hours to go through, it will make me think that you don't actually read what you're sending me, or that you don't have evidence.

In any case, I will continue to look more in detail at everything you have here. Maybe something there is that gem.

[1] https://krebsonsecurity.com/2015/05/security-firm-redefines-...

[2] https://netzpolitik.org/2015/digital-attack-on-german-parlia...

[3] https://twitter.com/outsh1ned/status/1019012623789010944 (hey, if you're going to use Twitter posts from randos on the internet as evidence, so can I!)


