27th November 2019, 11:50 AM, post #26
smartcooky (Penultimate Amazing; Join Date: Oct 2012; Location: Nelson, New Zealand; Posts: 16,761)
Originally Posted by Crazy Chainsaw
Oh, and I agree: all Crowdstrike needed was the metadata of what data went where. The hardware is useless in determining who attacked the DNC network, simply because it is a network.
Well, not quite. When a computer is hacked via a network, the hacker leaves digital fingerprints on the HDD that a computer forensics expert can find, even if the hacker was very, very careful to clean up after themselves. Often, it is the clean-up effort that is actually detected first, and that leads them to the network and gives the investigators clues as to what to look for when they come to examine copies of the stolen files.

For example, in the DNC hack, Crowdstrike examined stolen files published by Wikileaks. Their metadata showed that they contained text converted from the Russian Cyrillic alphabet to the Latin alphabet. Also, they were able to determine that the hacker, Guccifer 2.0, was lying when he said he was Romanian, because he had difficulty speaking the language fluently - a problem that a native speaker would not have.

However, the clues that led them to this came from evidence found on the server HDDs, so having the hardware is a necessary step. As Crowdstrike themselves have said:

"When cyber investigators respond to an incident, they capture that evidence in a process called “imaging.” It involves making an exact byte-for-byte copy of the hard drives. They do the same for the machine’s memory, capturing evidence that would otherwise be lost at the next reboot, and they monitor and store the traffic passing through the victim’s network."

Trump's assertion that "Once they hack, if you don't catch them in the act you're not going to catch them" is completely false. Yes, it's difficult, but it's not impossible.
"Obviously there are cases where we cannot come to a clear conclusion in digital forensics. It’s always a question of what evidence did you get,"

"But there is still this 'attribution is impossible' knee jerk reaction that occasionally pops up, which really doesn’t make much sense. The idea that attribution is not possible really doesn’t carry any weight in the technically informed community any more."

- Thomas Rid (a cybersecurity-focused professor in the department of War Studies at King’s College London)

In any case, Crowdstrike did actually catch the Russians in the act.

I want to thank the 126 Republican Congress members for providing a convenient and well organized list for the mid-terms.
- Fred Wellman (Senior VA Advisor to The Lincoln Project)
If you don't like my posts, my opinions, or my directness, then put me on your ignore list. This will be of benefit to both of us; you won't have to take umbrage at my posts, and I won't have to waste my time talking to you... simples!