William R Collier Jr- The case used by the US government to prove Russian hacking of the DNC and John Podesta’s email to allegedly influence the US election does not stand on firm ground, if the evidence provided is all there is. A well-known and trusted cyber-security company that provides security software to protect WordPress sites from being hacked has revealed that the malware cited as Russian malware is really slightly outdated malware available for purchase from Urkaine and the IP addresses cited are actually broad, generic IP addresses associated with numerous hosting companies and TOR access points. Based on the evidence provided, Wordfence concluded in their review, there was no way to determine a link to Russian intelligence agencies.
The article is here.
The bottom line, according to the article, is
The IP addresses that DHS provided may have been used for an attack by a state actor like Russia. But they don’t appear to provide any association with Russia. They are probably used by a wide range of other malicious actors, especially the 15% of IP addresses that are Tor exit nodes.
The malware sample is old, widely used and appears to be Ukrainian. It has no apparent relationship with Russian intelligence and it would be an indicator of compromise for any website.
The Washington Post had to walk back a story today in which it claimed that the Russians had hacked into the power grid via a Vermont company. It turns out the company had reported that malware flagged by the DHS document, and, we now know, which actually originates in Ukraine and not Russia, was found on an employee’s laptop.
Glenn Greenwald of The Intercept wrote in part–
There was no “penetration of the U.S. electricity grid.” The truth was undramatic and banal. Burlington Electric, after receiving a Homeland Security notice sent to all U.S. utility companies about the malware code found in the DNC system, searched all its computers and found the code in a single laptop that was not connected to the electric grid.
In point of fact, what is not known is if some other software was found or the software noted in the DHS release, which would be this Ukrainian software that is both slightly outdated and sold over the counter.
Wordfence for its part did not draw any political conclusions and in their blog forbade any mention of politics. Their assessment was made for purely professional reasons, to keep their own users updated. It appears, unless you do not have very basic security on your website, this software is not nearly sophisticated enough to do you harm.
Here is a copy of their screenshot of the software download site, showing that is originated from Ukraine, is outdated (there is a much newer version), and can be purchased online by anyone.
Like Wordfence, we will be careful not to say this proves there is no possible Russian connection to the email physhing scheme that John Podesta fell for or the leaking of DNC emails, which some have claimed were provided to Wikileaks by an insider and not hacked. In fact, Julian Assange has consistently denied that the Russians were his source. That being said, one never knows if the person who provided the emails was in fact the original source or if they were a cutout.
So, it is irresponsible to deny the possibility that Russian agencies were interested in impacting the election by any means possible. We can assum, however, that they are not alone, and would also ask about the role of Arab powers who have contributed tens of millions of dollars to the Clinton Foundation, or of the Chinese who are buying into Hollywood and who could easily influence content.
While it is entirely possible that the proof is classified and compelling, the fact this information was released AS PROOF seems to be, at best, a poorly conducted PR stunt, but, at worse, proof that the intelligent assessment agreed to by 17 US intelligence agencies is as reliable of some of their previous assessceent over the years, which have been horribly wrong, not least of which that Saddam Hussein had weapons of mass destruction.