If you’re interested in the swirling scrimmage around attributing the “Russia” cyberattacks on the US 2016 election, there’s another fun bit of analysis dropped today:
I sense a little sarcasm in their title. One would expect a government to use nice stuff, like what the NSA’s Equation Group writes, not off-the-shelf stuff that’s been around for ages. In fact, this Ukrainian obfuscated PHP malware looks a lot like some Romanian stuff I had to deal with during an incident response in 2013.
The Wordfence analysis shows pretty much what I, and others, expected: a lot of fake IP addresses, and “basic hacking 101” stuff. The attribution in the data the US Government published in the JAR is weak to nonexistent. They are failing to make anything like a solid case that shows Russian involvement. The sort of analysis presented by Wordfence is the sort of detailed analysis that would lead to a positive attribution, assuming there was any “there” there.
It is pathetic, sad, and lame that the JAR is the best the US government was able or willing to do. Given the vast resources expended on network hacking and surveillance, taxpayers deserve better than this.