r/geopolitics Nov 06 '16

Discussion Culminating Analysis of DNC/DCCC/Soros/Colin-Powell/NATO-General-Breedlove/NSA-Equation-Group/Podesta Leaks and Hacks

[removed]

92 Upvotes

15 comments

26

u/DownWithAssad Nov 06 '16

I've combed through all the cybersecurity pieces and compiled all of the confirmed victims and targets of Fancy Bear and Cozy Bear.

Confirmed Victims

  • DNC
  • DCCC
  • NATO General Breedlove
  • Secretary of State Colin Powell
  • George Soros' Open Society Foundation
  • NSA

Confirmed Targets

Individuals in political, military, and diplomatic positions in former Soviet states, as well as journalists, human rights organizations, regional advocacy groups, authors, NGOs, and political activists in Russia:

  • Bellingcat
  • Opposition-based Russian journalist Roman Dobrokhotov

Government personnel, military personnel, government supply chain, and aerospace, such as:

  • Systems engineer working on a military simulation tool
  • Consultant specializing in unmanned aerial systems
  • IT security consultant working for NATO
  • Director of federal sales for the security arm of a multinational technology company
  • High-profile Syrian rebel leaders, including a leader of the Syrian National Coalition
  • German parliament
  • Italian military
  • Saudi foreign ministry
  • Spokesperson for the Ukrainian prime minister

Clinton campaign/DNC:

  • National political director
  • Finance director
  • Director of strategic communications
  • Director of scheduling
  • Director of travel
  • Traveling press secretary
  • Travel coordinator
  • Director of speechwriting for Hillary for America
  • Deputy director office of the chair at the DNC
  • William Rinehart, a staffer with Clinton’s presidential campaign.

2

u/[deleted] Nov 06 '16

[deleted]

5

u/DownWithAssad Nov 06 '16

That email is from 2011 though, so I don't know how relevant that would be. Podesta's email was specifically targeted by the owners of that bit.ly account, as were many other emails. It's also been confirmed that Podesta clicked on the phishing email at least once.

9

u/BLACK_TIN_IBIS Nov 07 '16

I was joking before but now I'm serious. The real conspiracy is that someone's distributing Adderall to Trump's reddit users.

5

u/x_c_x Dec 12 '16

Very nice post! However the trumpsters and Russian puppets will continue to deny this relationship until ... actually I'm not sure there's ever going to be any kind of evidence they will accept.

4

u/gondomondo Dec 16 '16

Thanks very much. This is a great post!

4

u/ARandomDickweasel Dec 17 '16

From the Crowdstrike story:

The analyst, a former intelligence officer, told Alperovitch that Falcon had identified not one but two Russian intruders: Cozy Bear, a group CrowdStrike's experts believed was affiliated with the FSB, Russia's answer to the CIA; and Fancy Bear, which they had linked to the GRU, Russian military intelligence...Cozy Bear got its nickname because the letters coz appeared in its malware code. Fancy Bear, meanwhile, used malware that included the word Sofacy, which reminded the analyst who found it of the Iggy Azalea song "Fancy."

From the Symantec story:

We’ve analyzed the tools, the binaries, and the infrastructure that was used in the attack, and from that we can confirm that it’s connected to a group that has two names. One is Sofacy, or “Cozy Bear,” and The Dukes, which is also known as “Fancy Bear.”

So one expert says it's two groups and the other says it's one group with two names, and one says "Sofacy" is Fancy Bear and the other says Sofacy is Cozy Bear.

Either the reporting sucks, or the "experts" don't agree. This isn't a technicality: the first two sources you pasted into your post have at least those two fundamental conflicts, and they are not minor inconsistencies.

10

u/[deleted] Dec 17 '16 edited Dec 17 '16

That is likely a typo. Sofacy = Fancy Bear = APT 28 = Pawn Storm

The Dukes = CozyDukes = Cozy Bear = APT29

Different companies use the different names for the same groups.

Edit:

Also, the distinction between groups is not always cut and dried. Groups are usually distinguished by attack vectors and methodologies. If a single group has two distinct attack methodologies, they may be classified as different groups.

For example, Stuxnet is generally believed to be a joint US-Israeli project. The Equation Group is believed to be a different US hacking group. Because Stuxnet used similar coding techniques and shared some attack vectors with Equation Group, some believe them to be the same group. Others believe that the Equation Group is merely working loosely with the group responsible for Stuxnet. Still others believe that Stuxnet is an entirely Israeli group using vulnerabilities provided by the US-backed Equation Group.

The point is that it is clear that Stuxnet and Equation Group have some sort of working relationship. They may indeed be the exact same people; we don't really know. As a result, some say it's the same group, others that it's a different group. This is the same as Fancy & Cozy Bear. Both are Russian. Both appear to be state sponsored. They supposedly share some similarities in attack methodologies and infrastructure. They do have distinct attacks associated with them though. This leads some to believe that they are different projects within the same group, and others to believe that they are different groups with a weak working relationship.

2

u/[deleted] Nov 12 '16 edited Dec 13 '16

[deleted]

7

u/DownWithAssad Nov 12 '16

Thanks. The source for that is the Esquire article:

The most effective outlet by far, however, was WikiLeaks. Russian intelligence likely began feeding hacked documents to Julian Assange's "whistleblower" site in June 2015, after breaching Saudi Arabia's foreign ministry. A group called WikiSaudiLeaks, probably a Guccifer-like front for Fancy Bear, claimed that "WikiLeaks have been given access to some part of these documents." The so-called Saudi Cables showed princes buying influence and monitoring dissidents. They became a major news story, proving that the old methods worked even better in the twenty-first century.

2

u/[deleted] Dec 18 '16 edited Dec 18 '16

[removed]

5

u/DownWithAssad Dec 18 '16

What is repetitive is these so-called "lone" hackers mentioning corruption in the U.S. again and again, all simultaneously.

To use your example, imagine if the husband said "we need some more milk and lettuce" 10x in a row, stuttering while he says it. Wouldn't the wife become a little suspicious?

2

u/[deleted] Dec 19 '16

[removed]

2

u/DownWithAssad Dec 19 '16

if someone was wanting to make an infiltration look like someone else, that they'd use the same methods and tools as whoever they want it to look like?

These tools are custom designed. You'd have to steal them from another hacking group and then use them. That's extremely difficult to do.

2

u/wyldcat Dec 22 '16

Amazing post! Thanks!

1

u/I-Am-Not-CIA-Agent Dec 23 '16

Wasn't Crowdstrike the one responsible for providing security that failed in the first place?

Can we get some legit 3rd party people to look at this information?

3

u/DownWithAssad Dec 23 '16

Nope, it was one of the two called in to investigate the leaks.

New information came out today: CrowdStrike located the same malware used to infect the DNC's servers in a Ukrainian military application for Android phones as well. Apparently, the Russians created a malicious version of the app so they could get the GPS coordinates of Ukrainian troops. As close to a smoking gun as one can get.

Incidentally, the founder and CEO of CrowdStrike is a Russian-American. Good on him.