The Obama administration is preparing to announce, as soon as Thursday, a series of retaliation measures against Russia for meddling in the US election, according to American officials briefed on the plans.

The actions are expected to include expanded sanctions and diplomatic measures, the officials said, in what the administration deems a proportional response to a Russian operation that went beyond cyber hacking activities common among nations.

DISCLAIMER: This report is provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within.
[...]

White House fails to make case that Russian hackers tampered with election

Talk about disappointments. The US government's much-anticipated analysis of Russian-sponsored hacking operations provides almost none of the promised evidence linking them to breaches that the Obama administration claims were orchestrated in an attempt to interfere with the 2016 presidential election.

The 13-page report, which was jointly published Thursday by the Department of Homeland Security and the FBI, billed itself as an indictment of sorts that would finally lay out the intelligence community's case that Russian government operatives carried out hacks on the Democratic National Committee, the Democratic Congressional Campaign Committee, and Clinton Campaign Chief John Podesta and leaked much of the resulting material. While security companies in the private sector have said for months the hacking campaign was the work of people working for the Russian government, anonymous people tied to the leaks have claimed they are lone wolves. Many independent security experts said there was little way to know the true origins of the attacks.
Sadly, the JAR, as the Joint Analysis Report is called, does little to end the debate. Instead of providing smoking guns that the Russian government was behind specific hacks, it largely restates previous private-sector claims without providing any support for their validity. Even worse, it provides an effective bait and switch by promising newly declassified intelligence into Russian hackers' "tradecraft and techniques" and instead delivering generic methods carried out by just about all state-sponsored hacking groups.


"This ultimately seems like a very rushed report put together by multiple teams working different data sets and motivations," Robert M. Lee, CEO and Founder of the security company Dragos, wrote in a critique published Friday. "It is my opinion and speculation that there were some really good government analysts and operators contributing to this data and then report reviews, leadership approval processes, and sanitation processes stripped out most of the value and left behind a very confusing report trying to cover too much while saying too little."
[...]

‘Not the Russians’: John McAfee talks hacking allegations, cybersecurity with Larry King



Following the release of an FBI report outlining Russia’s alleged role in hacking the 2016 election, Larry King sat down to talk with tech pioneer John McAfee to discuss the current state of cybersecurity.

McAfee is no stranger to cybersecurity. As the developer of the first commercial antivirus program, he has been a major player in the industry for the past 50 years. He is also the CEO of MGT Capital Investments, and an outspoken former presidential candidate for the Libertarian Party.

Based on all of his experience, McAfee does not believe that Russians were behind the hacks on the Democratic National Committee (DNC), John Podesta’s emails, and the Hillary Clinton presidential campaign. As he told RT, “if it looks like the Russians did it, then I can guarantee you it was not the Russians.”

The Joint Analysis Report from the FBI contains an appendix that lists hundreds of IP addresses that were supposedly “used by Russian civilian and military intelligence services.” While some of those IP addresses are from Russia, the majority are from all over the world, which means that the hackers constantly faked their location.
McAfee argues that the report is a “fallacy,” explaining that hackers can fake their location, their language, and any markers that could lead back to them. Any hacker who had the skills to hack into the DNC would also be able to hide their tracks, he said

“If I was the Chinese and I wanted to make it look like the Russians did it, I would use Russian language within the code, I would use Russian techniques of breaking into the organization,” McAfee said, adding that, in the end, “there simply is no way to assign a source for any attack.”
[...]

Creator of NSA’s Global Surveillance System Calls B.S. On Russian Hacking Report
[...]
Binney tells Washington’s Blog:
Binney designed the NSA’s electronic surveillance system, so he would know.

Something About This Russia Story Stinks

[...]
At one point we learn that the code name the U.S. intelligence community has given to Russian cyber shenanigans is GRIZZLY STEPPE, a sexy enough detail.


But we don't learn much at all about what led our government to determine a) that these hacks were directed by the Russian government, or b) they were undertaken with the aim of influencing the election, and in particular to help elect Donald Trump.


The problem with this story is that, like the Iraq-WMD mess, it takes place in the middle of a highly politicized environment during which the motives of all the relevant actors are suspect. Nothing quite adds up.



If the American security agencies had smoking-gun evidence that the Russians had an organized campaign to derail the U.S. presidential election and deliver the White House to Trump, then expelling a few dozen diplomats after the election seems like an oddly weak and ill-timed response. Voices in both parties are saying this now.
[...]
Did the Russians do it? Very possibly, in which case it should be reported to the max. But the press right now is flying blind. Plowing ahead with credulous accounts is problematic because so many different feasible scenarios are in play.


On one end of the spectrum, America could have just been the victim of a virtual coup d'etat engineered by a combination of Donald Trump and Vladimir Putin, which would be among the most serious things to ever happen to our democracy.

But this could also just be a cynical ass-covering campaign, by a Democratic Party that has seemed keen to deflect attention from its own electoral failures.

The outgoing Democrats could just be using an over-interpreted intelligence "assessment" to delegitimize the incoming Trump administration and force Trump into an embarrassing political situation: Does he ease up on Russia and look like a patsy, or escalate even further with a nuclear-armed power?
[...]
I have no problem believing that Vladimir Putin tried to influence the American election. He's gangster-spook-scum of the lowest order and capable of anything. And Donald Trump, too, was swine enough during the campaign to publicly hope the Russians would disclose Hillary Clinton's emails. So a lot of this is very believable.

But we've been burned before in stories like this, to disastrous effect. Which makes it surprising we're not trying harder to avoid getting fooled again.

Obama Response to Alleged Russian Hacking Undermines Confidence in U.S. Government
[...]
The FBI and DHS joint report does explain how the DNC was hacked but offers little new information about that. In more technical language, the document explains that hackers sent out a thousand phishing emails, looking for someone to click on an attachment and thus provide them access into the targeted system via malware. We know from New York Times reporting that John Podesta's emails were compromised in just such a way.


Similarly, the report doesn't even really pretend to document that the Russian government was directly involved in the hackings; rather than offering independent verification, it asks readers to rely yet one more time on the FBI and DHS, two agencies that have done little to inspire full confidence among Americans. As former George W. Bush campaign heavyweight and ABC News' chief political analyst, Matthew Dowd, put it on Twitter: "Lets be clear: U aren't an American patriot & don't respect Constitution if u believe Putin more than our President and intelligent services." Perhaps believing the president is in Article 12 of the Constitution? You don't have to be an America hater to distrust the president or intelligence services. The United States was, for example, sure that North Korea was behind the hacking of Sony, and then decided it wasn't. The machinations of the intelligence community are notoriously lacking in transparency, making a substantive evaluation of its claims exceedingly difficult.

The administration argues that the hacks of the DNC and Podesta were "intended to influence the election, erode faith in U.S. democratic institutions, sow doubt about the integrity of our electoral process, and undermine confidence in the institutions of the U.S. government," but it does not explain how. None of the emails released by Wikileaks from the DNC or Podesta's email account have been challenged as forgeries or faked. Insofar as the emails from the DNC illustrated that Democratic Party bigwigs were in fact skewing the primary process to benefit their favored candidate, Hillary Clinton, over Bernie Sanders, any loss of faith in the DNC ought to be blamed on the DNC and not on whoever might have hacked their emails or released them to Wikileaks. (Wikileaks, for its part, has denied receiving the email batches from Russian sources.) Those revelations combined with worries in the Sanders camp about how much the legacy media was in the tank for Clinton, with the larger result that many Americans had less faith in the DNC (and its former chairperson Debbie Wasserman-Schultz) and major newspapers and news channels. But none of the emails themselves suggested anything untoward about the actual voting process—no illegal tampering with voting machines or voter rolls or anything of the kind.


If we're being honest (rather than purely partisan), the administration's slow-moving and cryptic responses to the alleged Russian hacking has itself sowed doubt "about the integrity of our electoral process" and undermined "confidence in the institutions of U.S. government." Within recent memory, we've been treated to revelations that Obama kept an unconstitutional "secret kill list," and that major intelligence bosses have lied under oath; whatever else you might say about the way that director James Comey handled the FBI's investigation of Clinton's private server during the election, you can't say it made you feel more sure about an outfit with a decades-long reputation for spin and outright deception.
[...]
No, you only have to have lived in the United States for any length of time, especially in the 21st century, when government officials have been caught redhanded lying to the public and Barack Obama has failed to deliver on his promise to run the "most transparent administration ever." This is the man, after all, who has been called "the greatest enemy of press freedom in a generation" by legendary journalist James Risen. It will take more than a few reports and press statements to regain the confidence of Americans. Indeed, it might even take the kind of transparency and sharing of information that he once promised to deliver.

The hackers had first pillaged a massive trove of background-check data. As part of its human resources mission, OPM processes over 2 million background investigations per year, involving everyone from contractors to federal judges. OPM’s digital archives contain roughly 18 million copies of Standard Form 86, a 127-page questionnaire for federal security clearance that includes probing questions about an applicant’s personal finances, past substance abuse, and psychiatric care. The agency also warehouses the data that is gathered on applicants for some of the government’s most secretive jobs. That data can include everything from lie detector results to notes about whether an applicant engages in risky sexual behavior.

The hackers next delved into the complete personnel files of 4.2 million employees, past and present. Then, just weeks before OPM booted them out, they grabbed approximately 5.6 million digital images of government employee fingerprints.