US EXPELS 35 Russian diplomats, closes two compounds.

Trump will allow the diplomats back in 3 weeks, most likely.

This was a very bad move by Obama that is not going to accomplish anything positive.

If anyone thinks this lame gesture will stop anyone from spying, they are very stupid.
What Obama did was the right thing to do. You don't give Russia a free pass. Politically it's also a good move for Obama because it boxes Trump into a position of allying himself with Putin, a position that most of his party does not support. The interests of the US and Russia are about as far apart as you can get. Eventually Putin will turn on Trump.


Yeah, clearly Putin did not expect this kind of response. He wanted Trump expecting Trump would lift current U.S. Sanctions, and that has clearly backfired on him. The last thing Putin wanted was more U.S. Sanctions which Republicans in the Senate have already promised. Obama kicking out all Russian diplomats is historic. They go along with their families that may have been rooted in this country for decades. Prior to all this a Russian diplomat did admit that they had contact with the Trump campaign.
http://www.nytimes.com/2016/11/11/world/europe/trump-campaign-russia.html?_r=

Putin has already stated that he won't kick out American diplomats. So he has to repair the damage done, because all gains over the last 20 years, or since the cold war are now GONE. He knows he did it by interfering in our National election, something they've never done before. But they went after the Pentagon recently.
Russian hack almost brought the U.S. military to its knees

It's going to be very interesting to see what Putin does over the next few weeks. Obama is to release more information over the next few weeks, but it looks like Obama and Senate Republicans are intent on diminishing the credibility of the Trump administration long before he is sworn in. Trump won't even be able to blink at Russia without suspicion.

Personally, I hope this ass clown gets impeached.
Donald Trump's Many, Many, Many, Many Ties to Russia

You can leave anytime you want traitor. I have never seen such betrayal of an American citizen now President in all my life, and comparing Obama's actions to JFK is laughable at best.
 
I'm still not seeing the problem here. Information like that could have been acquired from many sources. I wonder how hard it is to hack an unprotected private server? You know, like the one Hilary Clinton had. Or even more likely it came directly from an inside source. Could it be more obvious that some kind of internal power struggle is going on?

Clinton's server was protected, but hacked. No. I think I'll listen to the intelligence agencies' take on what happened. They seem more reliable than your average message board poster.
Clinton's server was illegal.
 
Canada's population might be getting ready to see a huge spike, so get ready Canada.
 
Ok, so why are you hear acting as if you know so much, if you don't know squat ?? You people reveal your bull crap daily, and you think that the average poster is to dum to see it, but that's where you fool your ownselves.

I don't know much. That is my point. However, the likes of you and your ilk just listen to Briefart, Infowars, and the Orange One himself and take it as fact. And to be honest, anybody who types 'hear' instead of 'here' and 'dum' instead of 'dumb' and makes up words like 'ownselves' I don't really think has any right having a go at others. I mean, if you made one typo, I get that. But several? You're a dumb fuck.
Typo's is all you got ? LOL. Does your comprehension skills go lacking when someone makes a typo or misspelled a word ? No, but that to is another way to belittle your opponent, but for those who would rather comprehend the content instead of the petty things you speak of, then they are the smarter ones who are here I'd say. I've seen posters make many mistakes over the years, and many that were caused by Google choosing words for the poster based upon typo errors that still aren't corrected by Google, but the content is what I'm after, and not some petty typo worries like you have.

Once again you totally miss the point.
 

She has acknowledged that. So was Trump buying a painting of himself using Trump Foundation money. And??
 
Cruise ships to be acquired temporarily by our new government, should be a viable option for one way tickets for all America haters to reach the destinations of their choice. To unite is to mean unite, and not continually be undermined by an enemy within. This nation should have had enough of this by now. The taking advantage of a good humble decent people has to come to an end, and I hope it will to a great extent now. It's time to make America great again, and to put Americans 1'st again.
 
Haven't heard that one yet, so is this something proven ? If so then what do you think should be the penalty of such a thing ? Remember you have Hillary's daughter using money as well, and other crazy things going on with the Clinton foundation. Is it really worth the back and forth to you ? It's not going to change anything now, so get over it already because all the back and forth in comparisons are done. Time to focus on the new administration's actions going forward.
 

Actually, no. You are wrong about the Clinton foundation. It seems if you give enough fake news people start believing it. Not cool

You are right though. New admin. Be interesting to see how it goes.
 

I know I said it is a new admin and time to move on and you thanked me for that post. However, this post? I couldn't disagree more. You have never had any enemy within. That is an outright lie. Make America great again? It always was. Nothing Trump will do can change your current trajectory. He basically lied and didn't tell the truth. I am very interested to see how it ends up.
 
Or, I can disagree and say he needs evidence which he doesn't have before creating a conflict with our biggest enemy. Ok?
 
...

The Obama administration struck back at Russia on Thursday for its efforts to influence the 2016 election, ejecting 35 Russian intelligence operatives from the United States and imposing sanctions on Russia’s two leading intelligence services.

The administration also sanctioned four top officers of one of those services, the military intelligence unit known as the G.R.U., which the White House believes ordered the attacks on the Democratic National Committee and other political organizations.
 
What The Russian Hacking Report DOESN’T Say
By Washington's Blog
Global Research, December 29, 2016
Washington's Blog
Region: Russia and FSU, USA
Theme: Intelligence

Today, the Department of Homeland Security and FBI released a report alleging Russian hacking.

It’s important to note what the report does NOT say …

It does NOT allege any of the following:

  • It doesn’t claim that it’s accurate. Instead, the report starts with a disclaimer, and uses the same type of weasel words – “as is”, “does not provide any warranties of any kind regarding any information” – that someone selling a lemon uses when he doesn’t want to talk about the fact that the blasted thing won’t run and doesn’t want to get sued for false misrepresentation:


  • It doesn’t mention Wikileaks, not even once. In other words, the report does not allege that the Russians gave any Democratic Party or Podesta emails to Wikileaks
  • It doesn’t address the fact that Russia would not have used widely known hacking methods (and wouldn’t have paid tribute within the code to a famous Russian intelligence officer), and that anyone could have copied these methods and names
  • It doesn’t address American intelligence services’ less-than-stellar history of truthfulness, and routinely skew intelligence to justify preordained policy outcomes
In other words, the report really doesn’t say much of anything

http://www.globalresearch.ca/what-the-russian-hacking-report-doesnt-say/5565479

Oh this little nugget. Right. You do know that disclaimer is put on EVERY document they release?? You do know that right? That aside, quoting from a right-wing troll site doesn't help your argument.
I'm apparently not following this. What's the problem again? What did Russian hackers do? Did they hack voting machines or something that directly affects the election? White House spokesmen seem kind of vague about what's actually occurred. Perhaps you can shed some light on that, because so far, all that seems to have happened is some embarrassing e-mails have been made public.

Nobody hacked our election system, msm, obama, and clintons are the only idiots claiming they did so all their little sheep get on board and support them . While the sheep have no idea the games our Gov. plays .
They think Government never set people up, never lie....etc.
 
As I told you all yesterday, and why I'm poo pooing at the "evidence" - doubt you'll see this one in the MSM but folks who know anything about IT security (or hacking) are scratching their heads (and/or laughing at partisan tantrums) - US Govt Data Shows Russia Used Outdated Ukrainian PHP Malware

By viewing the source code, we could find the name of the malware and the version. It is P.A.S. 3.1.0.

We googled it and found a website that makes this malware. You can find the site at this address: Download P.A.S. v.3.1.7

<see source site for pic>

You can enter a password that you will use to access your malware once it’s installed and then hit ‘download’ and a ZIP file downloads.

Malware Conclusions

DHS and DNI have released a joint statement that says:

“This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. The report contains specific indicators of compromise, including IP addresses and a PHP malware sample.”

The PHP malware sample they have provided appears to be P.A.S. version 3.1.0 which is commonly available and the website that claims to have authored it says they are Ukrainian. It is also several versions behind the most current version of P.A.S which is 4.1.1b. One might reasonably expect Russian intelligence operatives to develop their own tools or at least use current malicious tools from outside sources.



DHS provided us with 876 IP addresses as part of the package of indicators of compromise. Let's look at where they are located. The chart below shows the distribution of IP addresses by country.

<See source site for pic>

As you can see they are globally distributed with most of them in the USA.

Let's look at who the top ISP’s are who own the IP addresses:

<see source site for pic>

There are several hosting companies in the mix including OVH SAS, Digital Ocean, Linode and Hetzner. These are hosting companies that provide low cost hosting to WordPress customers and customers who use other PHP applications. A common pattern that we see in the industry is that accounts at these hosts are compromised and those hacked sites are used to launch attacks around the web.

Out of the 876 IP addresses that DHS provided, 134 or about 15% are Tor exit nodes, based on a reverse DNS lookup that we did on each IP address. These are anonymous gateways that are used by anyone using the Tor anonymous browsing service.

For clarification, the attacks discussed here are just the ones on WordPress no one else (aka DNC, energy, Pentagon) however the findings about /who/ is making the attacks is relevant when it comes to narrowing down specific perpetrators and/or their country of origin.

We examined our attack data to see which IP addresses in the DHS data are attacking our customer websites. We found a total of 385 active IP addresses during the last 60 days. These IP addresses have launched a total of 21,095,492 complex attacks during that 60 day period that were blocked by the Wordfence firewall. We consider a complex attack to be an attack that tries to exploit a vulnerability to gain access to a target.

We also logged a total of 14,463,133 brute force attacks from these IP addresses during the same period. A brute force attack is a login guessing attack.

The chart below shows the distribution of the number of attacks per IP address. It only takes into account complex attacks. As you can see, a small number of the IP addresses that DHS provided as IOC’s are responsible for most of the attacks on WordPress websites that we monitor.

<see source site for pic>

The following shows the list of the top 50 IP addresses in the DHS report sorted by the number of complex attacks we saw from each IP during the past 60 days.

<see source site for pic>

As you can see, many of the top attacking IP addresses are Tor exit nodes. There is also a relatively small number of IP addresses launching most of the attacks on websites we monitor.

Conclusion regarding IP address data

What we’re seeing in this IP data is a wide range of countries and hosting providers. 15% of the IP addresses are Tor exit nodes. These exit nodes are used by anyone who wants to be anonymous online, including malicious actors.

Overall Conclusion

The IP addresses that DHS provided may have been used for an attack by a state actor like Russia. But they don’t appear to provide any association with Russia. They are probably used by a wide range of other malicious actors, especially the 15% of IP addresses that are Tor exit nodes.

The malware sample is old, widely used and appears to be Ukrainian. It has no apparent relationship with Russian intelligence and it would be an indicator of compromise for any website.

You can find a public repository containing the data used in this report on github.

As always I welcome your comments. Please note that I will delete any political comments. Our goal in this report is to merely analyze the data DHS provided and share our findings.
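
The tally the quoted article describes (what share of the IOC addresses are Tor exits or sit at shared hosting providers, and how concentrated the observed attacks are), as an added example that is not part of the original post or Wordfence's own code. The CSV rows, PTR names, attack counts and the PTR-label heuristic are constructed assumptions; all addresses come from documentation ranges.

```python
import csv
import io
import ipaddress
import re
from collections import Counter

# Hosting companies named in the article (case-insensitive substring match).
HOSTING_ORGS = ("ovh", "digital ocean", "digitalocean", "linode", "hetzner")

# Assumed heuristic: a PTR label such as "tor", "tor3", "tor-exit" or "tor-relay".
# Operators can name hosts anything, so reverse DNS alone undercounts real exits.
TOR_LABEL = re.compile(r"(^|[.\-])tor(-?exit|-?relay|-?node)?\d*([.\-]|$)", re.I)

# Constructed sample: documentation-range addresses and invented PTR names.
SAMPLE_IOCS = """ip,ptr,org
192.0.2.10,tor-exit.example.net,Example Transit
192.0.2.11,tor3.example.org,OVH SAS
198.51.100.5,vps-1234.example.com,Digital Ocean
198.51.100.6,static.example.de,Hetzner
203.0.113.7,,Example Broadband
203.0.113.8,storage.example.com,Linode
203.0.113.8,storage.example.com,Linode
not-an-ip,x,y
"""

# Constructed per-IP counts of blocked attacks over the observation window.
SAMPLE_ATTACKS = {
    "192.0.2.10": 9000,
    "192.0.2.11": 500,
    "198.51.100.5": 400,
    "203.0.113.8": 100,
}


def load_iocs(text):
    """Parse ip,ptr,org rows; drop invalid addresses and duplicate IPs."""
    iocs = {}
    for row in csv.DictReader(io.StringIO(text)):
        try:
            ip = str(ipaddress.ip_address((row.get("ip") or "").strip()))
        except ValueError:
            continue
        ptr = (row.get("ptr") or "").strip().lower()
        org = (row.get("org") or "").strip()
        iocs.setdefault(ip, (ptr, org))
    return iocs


def classify(ptr, org):
    """Label an indicator by the kind of infrastructure it points at."""
    if ptr and TOR_LABEL.search(ptr):
        return "tor_exit"   # shared by every Tor user, says nothing about origin
    if any(name in org.lower() for name in HOSTING_ORGS):
        return "hosting"    # often a compromised customer site, not the operator
    return "other"


def summarize(iocs, attacks, threshold=0.8):
    """Infrastructure breakdown plus attack concentration for the IOC set."""
    kinds = {ip: classify(ptr, org) for ip, (ptr, org) in iocs.items()}
    seen = {ip: n for ip, n in attacks.items() if ip in iocs and n > 0}
    total = sum(seen.values())
    running, top_n = 0, 0
    for n in sorted(seen.values(), reverse=True):
        if running >= threshold * total:
            break
        running += n
        top_n += 1
    tor_attacks = sum(n for ip, n in seen.items() if kinds[ip] == "tor_exit")
    return {
        "ioc_ips": len(iocs),
        "by_kind": dict(Counter(kinds.values())),
        "tor_ip_share": kinds and list(kinds.values()).count("tor_exit") / len(kinds),
        "active_ips": len(seen),
        "ips_for_threshold": top_n,   # fewest IPs covering `threshold` of attacks
        "tor_attack_share": tor_attacks / total if total else 0.0,
    }


if __name__ == "__main__":
    print(summarize(load_iocs(SAMPLE_IOCS), SAMPLE_ATTACKS))
```
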
 
I'm going to say it again folks, the only way I can see for the US gov to be able to pin this on the Russians is for us to have stolen documents that conclusively show the two hacker agents were theirs...
 
The US government has been hacking literally every other country's computer systems since the first computers were built. Same goes with every other country.
Obama is claiming to have 'discovered' evidence of hacking all of a sudden.
Such bullshit!!!!!
"Hello Debbie? Yes Bill is fine. Listen Debbie as you know I was the SOS for four years. During that time I was informed about the thousands of attempts daily by a dozen countries to hack into our systems.
Just a head's up Debbie. You might want to hire some professionals to keep the DNC computers safe from being hacked. You never know what a hacker could disclose to the public about what we are doing to get me elected.
Ya I'll give him your best".
 
Yes they have, it's what we do.

(For the sake of honesty I'd like to say that I added the following to the original post after your reply:

For clarification, the attacks discussed here are just the ones on WordPress no one else (aka DNC, energy, Pentagon) however the findings about /who/ is making the attacks is relevant when it comes to narrowing down specific perpetrators and/or their country of origin.)
 
So curious, how do they know it's Ukrainian? And how is Ukraine malware that is only used by Russia?
 


Benefit of the doubt since I parsed out the pictures to compact the message and remove unintelligible coding stuff y'all likely wouldn't understand.

Though the long answer is that the author of the article doesn't, which is why they said that in the article had you read it... That said, who made the malware code is mildly irrelevant because it's so widely distributed globally - even if you want to argue that Russians wrote the code that does not connect the dots to any evidence that the two specific agents who used it being "Russian government".
 
