This is the best — most concise — of the many technical commentaries that make it clear CIA is completely out of its depth, has no understanding, and is almost certainly deceiving the public with its false statements.
by James Scott, Sr. Fellow, ICIT
Malicious actors can easily position their breach to be attributed to Russia. It’s common knowledge among even script kiddies that all one needs to do is compromise a system geolocated in Russia (ideally in a government office) and use it as a beachhead for attack so that indicators of compromise lead back to Russia. For additional operational security, use publicly available whitepapers and reports to determine the tools, techniques, and procedures of a well-known nation-state sponsored advanced persistent threat (APT), access Deep Web forums such as Alphabay to acquire a malware variant or exploit kit utilized in prolific attacks, and then employ the malware in new campaigns that will inevitably be attributed to foreign intelligence operations. Want to add another layer? Compromise a Chinese system, leap-frog onto a hacked Russian machine, and then run the attack from China to Russia to any country on the globe. Want to increase geopolitical tensions, distract the global news cycle, or cause a subtle, but exploitable shift in national positions? Hack a machine in North Korea and use it to hack the aforementioned machine in China, before compromising the Russian system and launching global attacks. This process is so common and simple that it’s virtually “Script Kiddie 101” among malicious cyber upstarts.
Phi Beta Iota: John Brennan and the CIA as represented by John Brennan (not the good people trapped in that bad system) are not just full of crap, but committing treason by propagandizing the US public in direct violation of both the facts and Presidential intent. Brennan should be immediately dismissed as Director of the Central Intelligence Agency, and the CIA “report” rescinded. The USG — including NSA — are not very good at cyber-forensics, a point made most ably by Mark Bowden in his book WORM – The First Digital World War. All of the knowledge is outside the government. Robert Steele’s summary review is here: Review: WORM – The First Digital World War.