Russian government hackers spent a year in our servers, admits DNC The US Democratic National Committee (DNC) has confirmed that hackers thought to be part of Russian state intelligence have had access to their servers for nearly a year. They have read emails, chat logs, and opposition research documents. The attack was uncovered six weeks ago, after IT admins noticed something strange was …
An analysis of the servers showed that no financial, donor or personal information had been accessed or stolen by the two teams, the DNC said
That would bejust the list of the pulsating-neon-ultra-hard-right members of Israeli "democracy", it can be had from Wikipedia too.
Also shady people with real estate "interests", wall street types and other rifraf.
The quoted DNC paragraph about Trump at the end doesn't seem to fit the article and I can't find that quote anywhere else. Did Iain just completely make that up?
On a related note does El Reg do any internal vetting for accuracy? I think making stuff up in he press is legally actionable in Great Britain.
"making stuff up in he press is legally actionable in Great Britain"
Probably not, as that would put at least 90% of the UK press out of business.
Libel is actionable, and the relevant laws in the UK are more favourable to the ligitant than they are in, say, the US - although this changed in England and Wales recently ( also, I think, in Scotland ), but not in Northern Ireland.
Apparently at least 5 people are completely unaware about how "campaigns" actually work and who those "donors" are. AIPAC does not stand for "American Indians for Peace and Cooperation".
Also note that pathological liar Hillary is the candidate of choice for the reboot of PNAC. Yeah, we will see more of "Victoria Nuland", "Color Revolutions", "Surges in faraway lands", "Putin is Hitler", "China containment", "Nuclear renewal" and "Responsibility to Protect" nation wrecking and induced ultrakill under that woman'spsycho's watch.
Not ok with pathological liar description? Here is what she has to say about Orlando:
“The attack in Orlando makes it even more clear, we cannot contain this threat. We must defeat it. And the good news is that the coalition effort in Syria and Iraq has made recent gains in the last months.
“So we should keep the pressure on ramping up the air campaign, accelerating support for our friends fighting to take and hold ground and pushing our partners in the region to do even more.
“We also need continued American leadership to help resolve the political conflicts that fuel ISIS recruitment efforts.
“But as ISIS loses actual ground in Iraq and Syria, it will seek to stage more attacks and gain stronger footholds wherever it can, from Afghanistan, to Libya, to Europe.
“The threat is metastasizing….”
Nothing of the above fits any reality I am aware of.
"Until a denial is issued, we may assume for convenience that" Mrs. "Clinton and the DNC hired their admins from the same applicant pool and got similar skill levels."
Considering the politics of the DNC, and the EXPECTATION that their security team are ALSO of a similar political mindset, the average intelligence of their 'pool' might just be a room temperature I.Q. number (in Farenheit, not Celsius, I'm being kind that way). General snarky comment on average intelligence of average gummint employees notwithstanding.
/me ducks for expected rotten veggies and thumb-downs from the 'howlers'
Oh, and it looks like they were running WINDOWS servers! I'd have to wonder if a properly configured (and firewalled) BSD or Linux server would've been so easily cracked... unless they have a root password of 'dadada'. And allow ssh logins to root. Without 'fail2ban' or some other means to cut down on the crack attempts. Yeah.
"..hired their admins from the same applicant pool.."
Well, Mr Pagliano's IT qualifications were that he worked on her 2008 campaign, which morphed into an "IT" job in the State Department. I'm sure he is an inspiration to all clowns everywhere, and a role model for DNC IT folks.
Since the FBI looked for several months and said they found no evidence of intrusion, if someone did break in it sounds like they did a better job than these heavy handed DNC hackers did.
At any rate, it isn't as though US government run servers have a good security record either, witness the hack that got personal information for pretty much everyone with a security clearance from the OPM. Hackers are as likely to have broken in to the 'official' state department mail server as they are into Hillary's email server. If anything, the fact that few knew about her server (at the time) would have made it less of a target, even if it was less secure. Security through obscurity isn't recommended, but it sometimes works.
"Since the FBI looked for several months and said they found no evidence of intrusion, if someone did break in it sounds like they did a better job than these heavy handed DNC hackers did."
What are you on about?
Are you not aware the FBI has a confirmed hacker of the email server in custody?
> I bet they hacked that as well.
Well, it was hacked ... by the US State Department.
"hackers thought to be part of Russian state intelligence have had access to their servers for nearly a year .. two different hacking teams had had the run of the DNC's servers. Both of them were already well known and are thought to be state-sponsored groups."
'I don't think this was what the electorate had in mind when they said they wanted "more openness and transparency" from the government'
And when a government talks about openness and transparency it's the electorate's stuff that's to be open and transparent, not theirs (except to state-sponsored APTs, of course).
But it isn't open and transparent to the public, just the hackers. If the hackers would release the information then we, the electorate, would have a more open and transparent election and potentially government. Like the government types like to say when prattling to the hoi palloi, "if you've done nothing wrong then you've got nothing to hide."
If the hackers would release the information then we, the electorate, would have a more open and transparent election and potentially government.
Timewise, it's probably too late for that. Maybe 6 months ago. Right now it looks like we have a choice between "bad" and "worse" though those terms are interchangeable on each of the two main candidates.
"Political organizations do not invest much in IT security, as they have few assets worth stealing, so this attack was likely carried out by low-level hackers within the attacking organization," said John Gunn, a veep at VASCO Data Security.
"The DNC can't really have anything on Trump that isn't already somewhere on the internet, and it is hard to imagine that the hack would reveal anything more intriguing than what Trump is already saying almost daily."
No, you utter limp wristed dimwit, they may not have anything on Trump, but you forget that use of that server means they inherit a trust relationship. They now own a server that is on US soil, of a known US political organisation.
How easy do you think it will be to send email with malware that will be opened? Spam checkers see a legitimate US origin, and see links to a webserver in the US with a good reputation - it's the perfect stage to start a further stage of an APT attack or act as a proxy for all sorts of problems.
I cannot believe that a muppet who alleges to be a security professional cannot see the side effects of owning resources that belong to a trusted facility (OK, "trusted" as in established, I wouldn't trust anyone or anything associated with politics so let's park that one). It's not about the resource itself as they can hire a VM anywhere, it's about the trust network this belongs to, THAT is the value they wanted.
Most IPSECS experts are snake oil con men
I can confirm that. And I'd include a large proportion of the now apparently defunct CLAS consultants in that. The number of times I had to pull utter idiots out of the fire before they got themselves burned to badly is staggering. The problem is that you can't leave them stuck for educational purposes in the hope they get removed from the roster for sheer incompetence because it victimises others.
The simplest red flag for me is when someone calls themselves an expert. There are VERY few people who deserve that title, and giving it to yourself makes you too American for me to trust you with anything sensitive.
Democrat leadership as a whole believe they are above the fray, entitled and don't have to live by the same rules as everyone else. This attitude creates ignorance to rules, regulations and best practices to many things including information security.
The leadership in the White House, with this attitude allowed intrusion after intrusion into their own systems. Post mortem analysis showed misconfiguration and failure to follow NIST and DISA guidelines which had been in place since 2007; such as certification and accreditation practices.
Once again their attitude and ignorance bites them. Maybe they did get into financial records... maybe they didn't. Those in the Democrat Party with any power have been caught in so many lies or spin statements, there is no way you can believe them.
I like how they say... they went after 'communication'. Which means, all email, text, messaging, etc. was breached. Heck, with this information they wouldn't have to go after database files. I'm sure much of this information was sent to the DMC via email. Not to mention all the information gathered from messaging and text.
Perhaps they don't have much on Donald Trump, but what about emails and other damaging communications which come to light which could indicate the DNC is behind demonstrations which became violent, resulting in injury to people and damage to property.
Democrat philosophy: You must be robots, you can't have your own thought on issues, you must believe ours. If you don't, then we do everything to destroy you. Also, we say we're the compassionate party, but really we aren't. <-- Lovely, considering the USA was built on the notion, that people should be able to think freely, encourage debate, and critical thinking.
John Gunn is an idiot who makes his company look bad. You can't make a statement like this unless you've been hired by all political establishments in a capacity which allows you to have enough knowledge to make this statement. Don't just 'guess'.
Realistically, any political establishment with a brains wouldn't host their own servers (like the DNC did), they would use a 3rd party hosting service which typically brings the costs down and increases security. Apparently, the DNC wanted to host their own systems... why do you think this is?
Go ahead, give me a thumbs down because you just read the title instead of the whole comment.
I heard recently that Clinton super PACs have been paying homeless people and undocumented immigrants to protest and incite violence at Trump rallies. It's also interesting that Clinton's campaign denounces the violence by blaming the Sanders campaign, while the Sanders campaign has always preached non-violence and chooses to blame the individual perpetrators. There has been no evidence linking the violent protesters to any of the current presidential campaigns, so for all we know they are simply concerned citizens with uncontrollable tempers.
It's also been suggested that Trump would be a great ally to Putin, given their shared disdain for progressive activists. Going with that line of thinking, I suppose Putin would be pretty upset to learn that Clinton is trying to sabotage Trump.
This post has been deleted by its author
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
