Cre8asiteforums

Discussing Web Design & Marketing Since 1998
Wordfence Investigates Russian/us Hacking Claims


This is really fascinating. Loaded with techie stuff for you, and no smoking gun, but my feeling is that we will not get ALL the information that's classified on this topic.

 

Regarding WordPress, hacking, etc. this article is pretty in-depth. The comments are fun too.

 

US Govt Data Shows Russia Used Outdated Ukrainian PHP Malware

 

Overall Conclusion

The IP addresses that DHS provided may have been used for an attack by a state actor like Russia. But they don’t appear to provide any association with Russia. They are probably used by a wide range of other malicious actors, especially the 15% of IP addresses that are Tor exit nodes.

The malware sample is old, widely used and appears to be Ukrainian. It has no apparent relationship with Russian intelligence and it would be an indicator of compromise for any website.

 


It would be nice, just for comparison purposes, to see this kind of analysis done by the other side, which would indicate the same type of activity by some Nation State Agency player(s) on this side.

 

Not holding my breath.

Edited by bobbb


I just read all the comments in that article. The conclusion is indeed factual, but I can add one observation. The hackers they describe are motivated by money, and there was no money in hacking the DNC servers and delivering it to Wikileaks in some sort of ideological statement. So motivation comes into play.

The botnets owned by these hackers can be hired without the owners knowing exactly how it will be used and they don't care as long as there is money in it. Anyone can rent those botnets... well anyone with the right connections. I'm sure I could not. So who was motivated? Someone knows. We never will.


There was an article on CNN today that said that Vermont found they were hacked. They don't say by what, but when I read it, I wondered if it was with the same malware referenced above, but not named in the article. And if it was the same, the intent of the article is misleading. I'm not feeling really confident about what the public is being told.


WordFence has released part 2 with a FAQ

 

Election Hack Report FAQ: What You Need to Know

Our report has received wide coverage. Since then I have been interviewed on international network news and by online publications to share our findings. I’d like to provide some clarity both on the FBI/DHS report itself and our findings in the form of an FAQ.

Our business is WordPress security and our customers use WordPress and the Wordfence firewall and malware scanner. Some of this report will be talking directly to our customers, and some of it will be helpful for those interested in security in general and global events.

 

Does the report prove that Russia Hacked the 2016 US Election?

No it does not. What Wordfence revealed on Friday is that the PHP malware sample that the US government provided is:

  • An old version of malware. The sample was version 3.1.0 and the current version is 3.1.7 with 4.1.1 beta also available.
  • Freely available to anyone who wants it.
  • The authors claim they are Ukrainian, not Russian.
  • The malware is an administrative tool used by hackers to upload files, view files on a hacked website, download database contents and so on. It is used as one step in a series of steps that would occur during an attack.

Wordfence also analyzed the IP addresses available and demonstrated that they are in 61 countries, belong to over 380 organizations and many of those organizations are well known website hosting providers from where many attacks originate. There is nothing in the IP data that points to Russia specifically.

 

Edited by cre8pc

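The Wordfence FAQ quoted above describes the sample as a file-manager/command backdoor that would be an indicator of compromise on any website, whoever planted it. The script below is an added example (not Wordfence's scanner and not code from the report): it runs a handful of heuristic rules over PHP sources and scores each file, so that a one-liner backdoor in an uploads directory is flagged while a benign form handler that merely reads $_POST is not. The rule set, weights, threshold and every sample file are constructed for this illustration; they are not signatures for the malware the report discusses.

```python
"""
Heuristic scan for PHP web-shell indicators (added example; not Wordfence's
scanner and not a signature for the sample in the DHS/FBI report).

Rules, weights, threshold and the sample files below are all constructed
for illustration.
"""
import base64
import re
from typing import Dict, List, Tuple

# (rule name, weight, pattern). Weights are an assumption chosen so that a
# benign form handler scores well below THRESHOLD while one-liner backdoors
# score above it.
RULES = [
    # eval() fed by a decoder is the classic obfuscated-backdoor loader
    ("eval_of_decoder", 5, re.compile(
        r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13|strrev)\s*\(", re.I)),
    # OS command execution primitives
    ("command_exec", 3, re.compile(
        r"\b(?:system|exec|shell_exec|passthru|popen|proc_open)\s*\(", re.I)),
    # a superglobal used directly as a function name: $_POST['x'](...)
    ("dynamic_call_from_input", 4, re.compile(
        r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[[^\]]*\]\s*\(")),
    # any request input at all: weak on its own, strong in combination
    ("superglobal_input", 1, re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")),
    # file-write primitives (upload / dropper capability)
    ("file_write", 2, re.compile(
        r"\b(?:file_put_contents|fwrite|move_uploaded_file)\s*\(", re.I)),
    # a single quoted base64 literal of 200+ chars: an embedded payload
    ("long_base64_blob", 3, re.compile(r"[\"'][A-Za-z0-9+/]{200,}={0,2}[\"']")),
    # error suppression on an exec/eval call hides failures from the logs
    ("error_suppressed_exec", 1, re.compile(
        r"@\s*(?:system|exec|shell_exec|passthru|eval)\s*\(", re.I)),
]

THRESHOLD = 4  # assumption: tune against your own code base


def scan_source(src: str) -> Tuple[int, List[str]]:
    """Return (score, matched rule names) for one PHP source string."""
    score, hits = 0, []
    for name, weight, pattern in RULES:
        if pattern.search(src):
            score += weight
            hits.append(name)
    return score, hits


def scan_files(files: Dict[str, str]) -> Dict[str, Tuple[int, List[str]]]:
    """Score every (path -> source) entry."""
    return {path: scan_source(src) for path, src in files.items()}


def suspicious(files: Dict[str, str]) -> List[str]:
    """Paths whose score reaches THRESHOLD, sorted for stable output."""
    return sorted(p for p, (score, _) in scan_files(files).items() if score >= THRESHOLD)


# Constructed sample tree: two benign files and four toy backdoors. None of
# these is real malware; they only exercise the rules above.
_BLOB = base64.b64encode(b"echo 'payload';" * 20).decode()  # 400 base64 chars, no padding
SAMPLES: Dict[str, str] = {
    "index.php": "<?php echo 'Hello'; include 'config.php'; ?>",
    "contact.php": "<?php $name = htmlspecialchars($_POST['name'] ?? ''); echo 'Thanks, ' . $name; ?>",
    "wp-content/uploads/cache.php": "<?php @eval(base64_decode($_POST['z'])); ?>",
    "wp-includes/class-wp-x.php": "<?php $c = $_REQUEST['p']; if ($c) { @system($c); } ?>",
    "wp-admin/fm.php": "<?php $_POST['fn']($_POST['a']); ?>",
    "wp-content/themes/t/footer.php": "<?php $p = '" + _BLOB + "'; eval(base64_decode($p)); ?>",
}

if __name__ == "__main__":
    for path, (score, hits) in scan_files(SAMPLES).items():
        flag = "SUSPICIOUS" if score >= THRESHOLD else "ok"
        print(f"{flag:10} {score:2}  {path}  {hits}")
```

The scoring, rather than a single pattern, is the point: reading $_POST alone scores 1 and stays under the threshold, while the same input flowing into eval(), system() or a dynamic call pushes a file over it. On a real WordPress tree you would walk the filesystem with os.walk, restrict to .php, and review hits by hand, since obfuscation that avoids these literal tokens (string concatenation, chr() sequences) will slip past any regex list like this one.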

If it is this easy to hack anywhere, from Yahoo!, to WordPress, to electrical grids and all manner of data, I wonder what, if anything, is being done to prevent something like taking down a country's electrical grid. It feels to me (paranoid?) that the reported event in Vermont was just a test run. They didn't take down a grid but tested to see how far they could get into it.

 

Mr. Trump says he knows things we don't. Waiting for him to Twitter it to us all.

 

B:)


If it is this easy to hack anywhere, from Yahoo!, to WordPress, to electrical grids and all manner of data, I wonder what, if anything, is being done to prevent something like taking down a country's electrical grid. It feels to me (paranoid?) that the reported event in Vermont was just a test run. They didn't take down a grid but tested to see how far they could get into it.

Last year one downed a power grid in the Ukraine:

Mr. Trump says he knows things we don't. Waiting for him to Twitter it to us all.

B:)

Give me a break. Trump doesn't even use a computer. He tweets. If he likes what someone told him he'll repeat it. He knows as much about the issue as my toenail clippings.

He knows as much about the issue as my toenail clippings.

 

Nodding furiously....

 

He actually said that no computer is secure and that if we want to send out something safely, "use a courier". All I could think of was how fun it will be to tack up my horse and deliver news!

 

All I could think of was how fun it will be to tack up my horse and deliver news!
Mr. Trump says he knows things we don't.

Today this is probably very true. He has been briefed since November....

OK then, he knows what he is being told (like any other leader of a government).

 

He actually said that no computer is secure and that if we want to send out something safely, "use a courier".

Part A is partly true. It's secure if turned off, locked in a room 50 feet underground with 10 foot concrete walls, ceiling, and floor, a 2 foot steel door, rabid pitbulls inside, and armed guards at the entrance. This excludes Ethan Hunt (Tom Cruise) of course.

 

Maybe he has not been briefed yet about packages being intercepted in transit, doctored, then sent back on their route.... wait.... even I know this.

Edited by bobbb


Kim's Pony Express!
The news is coming! The news is coming!
Eventually...

A dirty little secret. The US (and many/most other) militaries have what are known as 'red' teams that regularly, if infrequently, test the physical security of their military and defence installations. They almost never fail. Think about that. If one can physically penetrate and accomplish whatever the assigned goal is at such establishments, where security is an active requirement...
Note: similar tests of the TSA at US airports have, again, just about a perfect record of success. All that airport security is expensive theatre to calm civilian fears, not actual effective security.

The internet, and most especially the web, were neither conceived nor built with security in mind at all, except that of the data getting from point A to point B. And most devices and installations that connect to the internet, especially those that are web enabled, from your home nanny cam to your car to power plants, hospitals and traffic control, are typically built without a single thought to security of any sort.

You'll notice that just about all hackers caught and sentenced are script kiddies. When was the last time you read of a truly competent (non-publicity-seeking) individual, let alone state-sponsored experts, being identified, let alone convicted? In most of the news stories of such incidents it is rarely a matter of fact but of circumstantial evidence pointing in some direction. And with the ease of spoofing just about everything, circumstances in such cases may well be misleading.
