In the wake of the JAR-16-20296 dated December 29, 2016, about hacking and influencing the 2016 election, the need for real evidence is clear. The joint report adds nothing substantial to the October 7th report. It relies on proofs provided by the cyber-security firm CrowdStrike that are clearly not on par with intelligence findings or evidence. At the top of the report is an "as is" statement showing this.
The difference between Dmitri Alperovitch's claims, which are reflected in JAR-16-20296, and this article is that enough evidence is provided to warrant an investigation of specific parties for the DNC hacks. The real story involves specific anti-American actors that need to be investigated for real crimes.
For instance, the malware used was an outdated version just waiting to be found. It makes it easier when it's an old known version. Another interesting point is that the Russian malware called Grizzly Steppe is from Ukraine. How did CrowdStrike miss this when it's their business to know?
Later in this article, you'll meet and know a little more about the real "Fancy Bear and Cozy Bear." The bar for identification set by has never been able to get beyond words like probably, may be, could be, or should be in their attribution.
The article is lengthy because the facts need to be in one place. The bar Dmitri Alperovitch set for identifying the hackers involved is that low. Other than asking America to trust them, how many solid facts has Alperovitch provided to back his claim of Russian involvement?
The December 29th JAR adds a flowchart that shows how a basic phishing hack is performed. It doesn't add anything substantial beyond that. Noticeably, they use both their designations APT 28 and APT 29 as well as the CrowdStrike labels of Fancy Bear and Cozy Bear separately.
This is important because information from outside intelligence agencies has the value of rumor or unsubstantiated information at best according to policy. Usable intelligence needs to be free from partisan politics and verifiable. Intel agencies noted back in the early '90s that every private actor in the information game was radically political.
The Hill.com article about Russia hacking the electric grid is a perfect example of why this intelligence is political and not taken seriously. If any proof of Russian involvement existed, the US would be at war. Under current laws of war, there would be no difference between an attack on the power grid and a missile strike.
According to the Hill, "Private security firms provided more detailed forensic analysis, which the FBI and DHS said Thursday correlated with the IC's findings.
"The Joint Analysis Report recognizes the excellent work undertaken by security companies and private-sector network owners and operators, and provides new indicators of compromise and malicious infrastructure identified during the course of investigations and incident response," read a statement. The report identifies two Russian intelligence groups already named by CrowdStrike and other private security firms.
In an interview with Washington's blog, William Binney, the creator of the NSA global surveillance system, said, "I expected to see the IPs or other signatures of APT's 28/29 [the entities which the U.S. claims hacked the Democratic emails] and where they were located and how/when the data got transferred to them from DNC/HRC [i.e., Hillary Rodham Clinton]/etc. They seem to have been following APT 28/29 since at least 2015, so, where are they?"
According to the latest Washington Post story, CrowdStrike's CTO tied a group his company dubbed "Fancy Bear" to targeting Ukrainian artillery positions in Debaltsevo as well as across the Ukrainian civil war front for the past 2 years.
Alperovitch states in many articles the Ukrainians were using an Android app to target the self-proclaimed Republics' positions and that hacking this app was what gave targeting data to the armies in Donbass instead.