Starkiller, posted July 17, 2018:

I figured this deserved its own thread, just so any time the Trumptards bring it up we can point back to it...

https://motherboard.vice.com/en_us/article/zmkxp9/dnc-server-conspiracy-theory-russian-hack-explained

It is widely believed that CrowdStrike, a cybersecurity firm hired by the DNC to respond to the hack, gave an identical image of some of the servers to the FBI, which experts I’ve spoken to say would be more useful than giving the FBI a physical server itself.

I say “widely believed,” because we don’t know exactly what CrowdStrike gave to the FBI. However, in March 2017, former FBI Director James Comey told Congress that the FBI got an “appropriate substitute” from CrowdStrike, and Mueller’s indictment makes clear that the FBI has lots of information about the hack from both within the DNC and from other sources. CrowdStrike declined a request for comment from Motherboard.

I called up Thomas Rid, professor of strategic studies at Johns Hopkins University’s School of Advanced International Studies to help explain the technical details behind this type of forensic investigation. Rid, who wrote a detailed explanation about why Russia was likely behind the DNC hack for Motherboard in July 2016, told me that “from a forensic point of view, the question of a server at this stage doesn’t make any sense.”

“To really investigate a high profile intrusion like the DNC hack, you have to look beyond the victim network,” Rid said. “You have to look at the infrastructure—the command and control sites that were used to get in that are not going to be on any server ... looking at one server is just one isolated piece of infrastructure.”

Even so, what CrowdStrike gave the FBI is likely better than if it had seized and analyzed a physical box.

“To keep it simple, let’s say there’s only one server. CrowdStrike goes in, makes a complete image including a memory dump of everything that was in the memory of the server at the time, including traffic and connections at the time,” Rid said. “You have that image from the machine live in the network including its memory content, versus a server that someone physically carries into the FBI headquarters. It’s unplugged, so there’s no memory content because it’s powered down. That physical piece of hardware is less valuable for an investigation than the onsite image and data extraction from a machine that is up and running. The idea a physical server would add any value doesn’t make any sense.”

What Rid means is that after a hack, some of the evidence of who did it and how they did it may be fleeting. It could be in the server’s memory, the RAM, and not stored on its hard drive. (Hackers use “fileless” malware precisely for this reason.) To preserve evidence in cases like these, incident responders need to make an image—essentially a copy of the server in that exact same state at that exact same time—so they can look at it afterwards. Think about this like when investigators take pictures of the crime scene or victim.

Lesley Carhart, principal threat hunter at the cybersecurity firm Dragos, told Motherboard that physical servers are rarely seized in forensics investigations.

"For decades, it has been industry-standard forensic and digital evidence handling practice to conduct analysis on forensic images instead of original evidence," she said. "This decreases the risk of corruption or accidental modification of that evidence."

I asked Rid if he thought it was suspicious that the DNC did not hand over the actual server to the FBI, and he said “no, not at all.”

OzTitan, posted July 17, 2018:

The in-memory point is a good one - remember the episode of Seinfeld when George wanted to move the Frogger machine without turning it off? You want to keep systems up and running because what they have in volatile memory could be key.

Anyway taking images and memory dumps is basic computer forensics 101, literally one of the first things you'd learn how to do. So it's overwhelmingly likely they did this to the affected DNC servers. Who has those images and dumps is not known but that seems entirely normal for an ongoing investigation - details like that are not important in public reports.

This whole saga is really frustrating for someone who knows a thing or two about the technical aspects of hacks like this. Frustrating to keep hearing people spout bullshit, but also really illuminating to see who is doing it. I can only imagine what other areas of expertise get trampled and disregarded when politics churns its gears to find and make its truth.

Cyrus, posted July 17, 2018:

Ummm. But wouldn’t there still be forensics in the tubes? (The Internet). Or fingerprints on the hard drive. You never know what they might have left a trail of. That’s why you need the SERVER.

reo, posted July 17, 2018:

4 minutes ago, JakePA_Titan said:

Believed. Another strong word there. One that gets eyes poppin with no proof. Typical verbiage in arguments conjured up by the left.... It even goes on to say they don't know what exactly was given. Lmao....But BELIEVE it! Lol Anyway...let's say it was a pic....it's better than a physical server itself? Lmao wow. I bet. BELIEVE IT. Is a picture of a pussy more useful than the real thing? Of course, pay that no mind guys. Believe that a picture is better than the real thing. Lames. Fucking pathetic.

This ^^ is what happens when you read something with the sole purpose of trying to find something to trash about it instead of actually understanding what it says. You focus on a pretty meaningless part and ignore the rest.

Starkiller, posted July 17, 2018:

6 minutes ago, reo said:

This ^^ is what happens when you read something with the sole purpose of trying to find something to trash about it instead of actually understanding what it says. You focus on a pretty meaningless part and ignore the rest.

We call him Simple Jake for a reason...

OzTitan, posted July 17, 2018:

22 minutes ago, JakePA_Titan said:

Believed. Another strong word there. One that gets eyes poppin with no proof. Typical verbiage in arguments conjured up by the left.... It even goes on to say they don't know what exactly was given. Lmao....But BELIEVE it! Lol Anyway...let's say it was a pic....it's better than a physical server itself? Lmao wow. I bet. BELIEVE IT. Is a picture of a pussy more useful than the real thing? Of course, pay that no mind guys. Believe that a picture is better than the real thing. Lames. Fucking pathetic.

Dude, did you seriously just confuse the use of the word "image" as meaning a picture of the server? like a photo? Or was that just a bad joke? Image means a 1:1 bit for bit copy of the server's hard drive.

thor, posted July 17, 2018:

Just now, OzTitan said:

Dude, did you seriously just confuse the use of the word "image" as meaning a picture of the server? like a photo? Or was that just a bad joke? Image means a 1:1 binary copy of the server's hard drive.

LOL!!! Who funded Crowdstrike and who runs Crowdstrike???

reo, posted July 17, 2018:

3 minutes ago, OzTitan said:

Dude, did you seriously just confuse the use of the word "image" as meaning a picture of the server? like a photo? Or was that just a bad joke? Image means a 1:1 bit for bit copy of the server's hard drive.

Hahahaha I actually didn't get that far into his post. That's hilarious!

OzTitan, posted July 17, 2018:

1 minute ago, thor said:

LOL!!! Who funded Crowdstrike and who runs Crowdstrike???

I don't know, but I have a feeling you're going to link to some strange domain I've never heard of to tell me. Also not sure what that has to do with my post but I stopped trying to understand how you associate things a long time ago.

thor, posted July 17, 2018:

1 minute ago, OzTitan said:

I don't know, but I have a feeling you're going to link to some strange domain I've never heard of to tell me. Also not sure what that has to do with my post but I stopped trying to understand how you associate things a long time ago.

You don't know??? Well, we will get back to that one then... Try this strange link you want me to send you to... LOL!!!

https://themarketswork.com/2018/05/18/the-fbis-outside-contractors-dnc-servers-crowdstrike/

OzTitan, posted July 17, 2018:

12 minutes ago, thor said:

You don't know??? Well, we will get back to that one then... Try this strange link you want me to send you to... LOL!!!

https://themarketswork.com/2018/05/18/the-fbis-outside-contractors-dnc-servers-crowdstrike/

Right on cue, but I'll at least give props that this site uses HTTPS - it's amazing how few of these conspiracy and even mainstream news sites do, and if you understand why that matters it would be disturbing to rely on such sites for accuracy. No HSTS but automatic HTTPS redirects at least.

Seems like they're run by former McAfee execs? And funded in large part by Google. Some connections to ex FBI, but I can assure you that ex Government employees especially in sectors like intel, defence, law, finance etc breaking off to start their own firm or company and selling their services back to their previous connections is beyond common. In fact such industries would rarely accommodate newcomers with no connections.

pat, posted July 17, 2018:

@JakePA_Titan you don't have to do this, just stop

thor, posted July 17, 2018 (edited July 17, 2018 by thor):

33 minutes ago, OzTitan said:

Right on cue, but I'll at least give props that this site uses HTTPS - it's amazing how few of these conspiracy and even mainstream news sites do, and if you understand why that matters it would be disturbing to rely on such sites for accuracy. No HSTS but automatic HTTPS redirects at least. Seems like they're run by former McAfee execs? And funded in large part by Google. Some connections to ex FBI, but I can assure you that ex Government employees especially in sectors like intel, defence, law, finance etc breaking off to start their own firm or company and selling their services back to their previous connections is beyond common. In fact such industries would rarely accommodate newcomers with no connections.

Another Mueller guy??? Wow... These guys are everywhere...

pat, posted July 17, 2018:

you too @thor can quit now

OzTitan, posted July 17, 2018:

29 minutes ago, JakePA_Titan said:

No, just a quick analogy to prove a point. If it makes a difference, if you take a mold of a bitches pussy and put it in a doll, is it the same as the real thing? Does that work better for you? Unlike reo's dumbass thoughts, I read the entire italicized wording. I knew it was talking about computer memory. I bet you didn't.

Taking an image is literally the same thing as having the data on a disk right in front of you. It is an exact replica. Unless the attack was physical and there's a reason to inspect the physical device, like some sort of hardware hack, it's 100% the same as having the original device.
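
The "exact replica" and "analysis on forensic images instead of original evidence" points from the thread above, shown as an added example that is not part of any post or of the quoted article: a source is imaged block by block, its SHA-256 digest is recorded at acquisition, and a later change to a working copy is detected against that digest. The file names and the 1 MiB sample "disk" are constructed for illustration, and the script assumes `dd` and `sha256sum` from GNU coreutils.

```shell
#!/bin/sh
# Added example: acquire a bit-for-bit image, record its digest, detect changes.
# All file names are hypothetical; the "disk" is a constructed 1 MiB sample file.
set -eu

WORK=$(mktemp -d)                 # scratch area standing in for evidence storage
trap 'rm -rf "$WORK"' EXIT

# Build the constructed sample disk: zero-filled, with a marker string at offset 0.
make_sample_disk() {
    dd if=/dev/zero of="$1" bs=4096 count=256 2>/dev/null
    printf 'constructed sample evidence' | dd of="$1" conv=notrunc 2>/dev/null
}

# Print only the SHA-256 hex digest of a file.
digest() {
    sha256sum "$1" | awk '{print $1}'
}

# Copy SRC to DST block by block and store the source digest beside the image.
acquire_image() {
    dd if="$1" of="$2" bs=4096 2>/dev/null
    digest "$1" > "$2.sha256"
    chmod a-w "$2" "$2.sha256"    # the acquired image is never edited again
}

# Succeed only if the file still hashes to the digest recorded at acquisition.
verify_image() {
    [ "$(digest "$1")" = "$(cat "$1.sha256")" ]
}

make_sample_disk "$WORK/disk.raw"
acquire_image "$WORK/disk.raw" "$WORK/disk.img"
verify_image "$WORK/disk.img" && echo "image matches source, bit for bit"

# Analysis happens on a working copy; here one byte of it is altered on purpose.
cp "$WORK/disk.img" "$WORK/working.img"
cp "$WORK/disk.img.sha256" "$WORK/working.img.sha256"
chmod u+w "$WORK/working.img"
printf 'X' | dd of="$WORK/working.img" bs=1 seek=100 conv=notrunc 2>/dev/null
verify_image "$WORK/working.img" || echo "working copy no longer matches"
```

This covers only the disk side; the memory dump the article describes has to be captured from the running machine before power-off and is hashed the same way once written to a file.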