This is either bullshit

…or scary as hell.

U.S. intelligence agencies release analysis of Russian cyber espionage
U.S. intelligence services don’t often release the details of their analysis, but Thursday they did as part of an ongoing effort to pull back the curtain on what U.S. officials believe is malicious Russian cyber activity code named Grizzly Steppe.

And they still haven’t released a detailed analysis. Read that “Joint Analysis Report.” In fact, it’s simply yet-another unsubstantiated assertion. No detail in that report supports the claim that the Russian government did this. Maybe they did, but you can’t tell from that doc.

I’m not a pro at this, so I welcome input from someone who is such. As I read it, the JAR simply states that “APT 28/29” used a botnet to send spearphishing emails, which lured dumbasses to a fake web site hosted on a machine that didn’t belong to the “hackers,” and that web site passed the harvested data to yet another neutral machine which, in turn, relayed the data to the actual hackers.

To be able to honestly and definitively say that the Russians did it, the feds (FBI/CIA/NSA/whoever) had to have admin access to the web site host to see what neutral machine the site sent data to. That could come from server logs and/or database files.

Once the next machine is identified, the feds had to have admin access to it, too. They could then analyze server logs or the malicious code to see where it sent data. If you assume that it went straight from that zombie machine to the hackers, you now know the hackers’ IP address, and maybe you can make some claims.

But if the zombie sent the data to another relay between it and the hackers, you have another machine to compromise and analyze. And so on ad infinitum.
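The hop-by-hop tracing described above, as an added example that is not part of the original post and not code from the JAR or any agency: it walks outbound-connection logs from the phishing host to the first relay and stops where log access ends. All hostnames, IP addresses (RFC 5737 documentation ranges) and log lines are constructed for illustration, and the log format is an assumption, not any real server's.

```python
"""Follow a credential-exfiltration relay chain hop by hop through
outbound-connection logs, stopping where log access ends.

Example code added to this page; not from the JAR or any agency tooling.
All hosts, IPs and log lines below are constructed (RFC 5737 ranges).
"""
import re
from dataclasses import dataclass

# Constructed logs, keyed by the host they were collected from. Each line is a
# simplified outbound-connection record: timestamp, process, destination, bytes.
# Having an entry in this dict models "we have admin access to that machine".
OUTBOUND_LOGS = {
    "198.51.100.7": [  # host serving the fake login page
        "2016-12-29T10:01:02Z php-fpm -> 203.0.113.10:443 bytes=1204",
        "2016-12-29T10:01:09Z php-fpm -> 203.0.113.10:443 bytes=1197",
        "2016-12-29T10:02:00Z ntpd    -> 192.0.2.50:123 bytes=48",
    ],
    "203.0.113.10": [  # first relay ("zombie"), also compromised and readable
        "2016-12-29T10:01:03Z relay.py -> 192.0.2.200:8443 bytes=1280",
        "2016-12-29T10:01:10Z relay.py -> 192.0.2.200:8443 bytes=1273",
    ],
    # 192.0.2.200 has no entry: that is the machine we could not get into.
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proc>\S+)\s+->\s+(?P<dst>[\d.]+):(?P<port>\d+)\s+bytes=(?P<bytes>\d+)$"
)


def exfil_destinations(lines, min_bytes=512):
    """Return {dst_ip: flow_count} for flows carrying at least min_bytes.

    Small flows (NTP, DNS keep-alives) are background noise; harvested
    credential POSTs are bigger. The threshold is an assumed heuristic.
    """
    dsts = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or int(m["bytes"]) < min_bytes:
            continue
        dsts[m["dst"]] = dsts.get(m["dst"], 0) + 1
    return dsts


@dataclass
class Trace:
    hops: list        # every host seen, starting with the phishing site
    terminal: str     # last host reached
    complete: bool    # True only if terminal's logs were readable and showed no onward hop


def follow_chain(start, logs, max_hops=10):
    """Walk the relay chain. Stops at an access boundary (no logs for the next
    host), at a host that sends nothing onward, at a loop, or at max_hops."""
    hops = [start]
    current = start
    for _ in range(max_hops):
        lines = logs.get(current)
        if lines is None:
            return Trace(hops, current, False)   # no access: attribution stops here
        dsts = exfil_destinations(lines)
        if not dsts:
            return Trace(hops, current, True)    # nothing relayed onward: end of chain
        nxt = max(dsts, key=dsts.get)            # most-used destination is the next hop
        if nxt in hops:
            return Trace(hops, current, False)   # loop guard
        hops.append(nxt)
        current = nxt
    return Trace(hops, current, False)


if __name__ == "__main__":
    t = follow_chain("198.51.100.7", OUTBOUND_LOGS)
    print(" -> ".join(t.hops), "| complete:", t.complete)
```

On the constructed data the trace reaches 192.0.2.200 with `complete=False`: the logs say where the data went next, but not whether that host is the attacker or yet another relay, which is exactly the gap the post points at. Every further hop costs access to one more machine.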

Are the feds admitting that they have that many innocent machines on the Internet compromised?

Alternatively, they could have this from human intel: leakers, snitches, spies. But intel from such sources would have to be verified, so we loop back to accessing machines.

Let’s try another scenario. Remember the NSA’s little partnership with AT&T, in which the snoops got to parallel all data running through at least one major Internet backbone router? And then there was the program to intercept routers during shipment and install spyware.

So maybe the NSA simply watched all this happen in near realtime.

Worried yet? Oh, what the heck? It’s only “metadata.”

At any rate, to substantiate the “Russians-did-it” claims, the feds would have to have admin level access to a scary number of Internet servers or routers. To prove the claim, they may have to admit to continuing to do things they’ve sworn up and down they stopped doing.

That’s not good.

IMPORTANT JUNIPER SECURITY ANNOUNCEMENT
During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen® devices and to decrypt VPN connections. Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS.

Juniper manufactures many of the big routers that run the Internet. This means someone hacked them to crack virtual private networks. VPNs are commonly used by businesses to secure their network connections over the Internet, by freedomistas, by folks accessing geo-limited web sites, and… well, by basically anyone who wants privacy. Think getting past the Great Firewall of China.

My money is on the NSA, where I expect heads are rolling. We know they’ve altered code in Cisco routers.

Kudos to Juniper for announcing this and releasing the patch.