Further, citing Jeffrey Carr, X-Agent doesn't have anywhere near the functionality that CrowdStrike claims it does. Carr goes on further to say two other entities have access to X-Agent, which CrowdStrike presents as unique. The first is CrowdStrike itself. The second is the Ukrainian hacking group RUH8, which self-identifies with Pravy Sektor."
I feel Marcy Wheeler's position change on Fancy Bear signature items is very refreshing. I think she should really commit to reading @emptywheel more thoroughly. I couldn't be more happy about Robert Mueller hanging his hat on the email address and Fancy Bear tools.
The reason I'm thrilled about it is that the same people who want to argue about Fancy Bear's attribution have clearly identified the Russian GRU and FSB criminal hackers, called Shaltai Boltai aka Humpty Dumpty aka Anonymous International, as the culprits. Good show!
The "it" I'm thrilled with is Shaltai Boltai's exclusivity in the indictment. Every journalist and politico should jump on this and understand why they point directly to Ukraine.
I believe if any of the named and unnamed CyberSec experts spent a little more time researching instead of tweeting, they would have seen this at some point during the last 2 years. Along with Mueller, they would also see that, by choosing the evidence he did to work with, Mueller just hung THE DNC HACKS, SURKOV HACKS, PODESTA HACKS, GERMAN PARLIAMENT HACKS, TV 5 MONDE HACKS, NATO HACKS, AND REPUBLICAN HACKS on UKRAINE's ultranationalist Intel.
RUH8 credits "mostly CyberHunta" with the Surkov e-mail theft (why this is a theft, not a hack, is discussed in the Fancy Bear ID article) and says it was not the result of a spear-phishing scam but rather what he describes cryptically as "special software." He claims the malware allowed CyberHunta not only to retrieve Surkov's e-mail but to "take the entire [Russian] presidential administration system under their control, and they gathered information right from the computers."
Everything going forward is premised on identifying Fancy Bear whose actions, tools, blogs, interviews, and indictments are in the above and below linked articles. Below we have their confessions to Fancy Bear hacks made to Ukrainian Intelligence, the Atlantic Council, and Bellingcat. We have them announcing they used the same methods for the Podesta email hack.
Since we have a basis for falsifying Fancy Bear in place, the hackers were identified in part through their qualified confessions to hacks Fancy Bear did. This was supported by RFE/RL, the Atlantic Council, and journalists that identified their association with Fancy Bear through an alternate name they were using.
If you are reading the support material in the linked articles, it's clear that the sources are kept in context. Most are friendly to Ukraine and even the Mueller investigation. In these instances, the facts mattered and they reported them.
Sources I used to identify Fancy Bear include Ukrainian Intel, Bellingcat, the Atlantic Council, the hackers, the Russian traitors, Dmitri Alperovitch, CrowdStrike, the SBU, RFE/RL, Newsweek, Jeffrey Carr, a slew of other MSM news sources, and, of course, @emptywheel's Marcy Wheeler.
Ukraine's Fancy Bear Unit started by supplying information about the situations in Ukraine and Syria. The information is the basis for a lot of Bellingcat's identifications. Ukraine's Intel provides evidence for the reports and articles they fabricate for the Atlantic Council and NATO. The Fancy Bear Intel unit supports ISIS and allied groups in Ukraine and Syria.
According to Ukrainian Intelligence Hackers (now identified as Fancy Bear), even Bellingcat is clearly a part of Ukrainian Intelligence.
- "identification of persons who could be involved in the shootdown of Flight MH17 over the occupied Donbas (this information was used in the reports by our colleagues from Bellingcat team)" -- Cyberhunta aka Fancy Bear
The first thing CyberSec people like Wheeler and prosecutors like Mueller will say is that the Fancy Bear hackers are Russian FSB and GRU hackers and not Ukrainian. The Fancy Bear hackers are only Russian to the degree you include the rogue Russian FSB and GRU hacker group Shaltai Boltai, whose own story is linked above.
Shaltai Boltai provides a treasonous (convicted of treason, not hacking) connection to the Russian government. They worked for the Ukrainian Information Ministry, which is also Cyber Intelligence, by dumping Russian government data into the Ukrainian Intel CyberHunta website.
The leader of Shaltai Boltai was in Ukraine working for Intel until tricked into leaving. They belonged to Ukraine's CyberHunta and Ukrainian Cyber Alliance spy units, whose members testify to the US Congress and get large sums of money for Ukraine. This is why Shaltai Boltai was surprised when they tried to confess to being Fancy Bear and no one believed them.