Attribution of cyber-intrusions and attacks is nearly impossible. A well executed attack can not be traced back to its culprit. If there are some trails that seem attributable one should be very cautions following them. They are likely faked.

Hundreds if not thousands of reports show that this lesson has not been learned. Any attack is attributed to one of a handful of declared "enemies" without any evidence that would prove their actual involvement. Examples:

• Russian Hackers Blackmail US Liberal Groups After Stealing Emails And Documents, Report Says
• US officially accuses Russia of hacking DNC and interfering with election
• Iran hacked an American casino, U.S. says
• Iran suspected for the attack on the Saudi Aramco
• North Korea 'hacks South's military cyber command'
• Official: North Korea behind Sony hack

In June 2016 we warned The Next "Russian Government Cyber Attack" May Be A Gulf of Tonkin Fake:

All one might see in a [cyber-]breach, if anything, is some pattern of action that may seem typical for one adversary. But anyone else can imitate such a pattern as soon as it is known. That is why there is NEVER a clear attribution in such cases. Anyone claiming otherwise is lying or has no idea what s/he is speaking of.

There is now public proof that this lecture in basic IT forensic is correct.

Wikileaks acquired and published a large stash of documents from the CIA's internal hacking organization. Part of the CIA hacking organization is a subgroup named UMBRAGE:

The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.

With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from.

UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.

Hacking methods are seldom newly developed. They are taken from public examples and malware, from attacks some other organization once committed, they get bought and sold by commercial entities. Many attacks use a recombined mix of tools from older hacks. Once the NSA's STUXNET attack on Iran became public the tools used in it were copied and modified by other such services as well as by commercial hackers. Any new breach that may look like STUXNET could be done by anyone with the appropriate knowledge. To assert that the NSA must have done the new attack just because the NSA did STUXNET would be stupid.

The CIA, as well as other services, have whole databases of such 'stolen' tools. They may combine them in a way that looks attributable to China, compile the source code at local office time in Beijing or "forget to remove" the name of some famous Chinese emperor in the code. The CIA could use this to fake a "Chinese hacking attack" on South Korea to raise fear of China and to, in the end, sell more U.S. weapons.

Russia did not hack and leak the DNC emails, Iran did not hack American casinos and North Korea did not hack Sony.

As we wrote: "there is NEVER a clear attribution". Don't fall for it when someone tries to sell one.

(PS: There is a lot more in the new Wikileaks CIA stash. It seems indeed bigger than the few items published from the Snowden NSA leak.)

NYT March 6 – Trump’s Wiretapping Claims Puncture Veneer of Presidential Civility

[W]hen Mark Levin … contended that Mr. Obama had targeted Mr. Trump for surveillance … it struck a chord. Along with reports that in Mr. Obama’s last days in office his administration changed the rules on distributing intelligence and made a point of spreading information about Mr. Trump’s team and Russia to different parts of the government to “preserve” it, the wiretapping allegation pushed Mr. Trump over the top.

NYT March 5 – When One President Smears Another

In four tweets … Mr. Trump declared as fact a theory he apparently encountered on alt-right websites: “How low has President Obama gone to tapp [sic] my phones during the very sacred election process. This is Nixon/Watergate. Bad (or sick) guy!”

The above assertions by the New York Times raise the question where Mr. Levine got his information from. A reader might also ask who published those ominous "reports" and on which "alt-right website" one might encounter such theories?

The New York Times does not know where all this came from? That is a bit astonishing. Let me help:

• On targeting Trump and his campaign for surveillance:

NYT – January 19 Intercepted Russian Communications Part of Inquiry Into Trump Associates

American law enforcement and intelligence agencies are examining intercepted communications and financial transactions as part of a broad investigation into possible links between Russian officials and associates of President-elect Donald J. Trump, including his former campaign chairman Paul Manafort, current and former senior American officials said.
…
It is not clear whether the intercepted communications had anything to do with Mr. Trump’s campaign, or Mr. Trump himself.

NYT – February 14 – Trump Campaign Aides Had Repeated Contacts With Russian Intelligence

Phone records and intercepted calls show that members of Donald J. Trump’s 2016 presidential campaign and other Trump associates had repeated contacts with senior Russian intelligence officials in the year before the election, according to four current and former American officials.

American law enforcement and intelligence agencies intercepted the communications …

• Those "reports" that Obama spread the information on Trump and his associates?

NYT January 12 – N.S.A. Gets More Latitude to Share Intercepted Communications

In its final days, the Obama administration has expanded the power of the National Security Agency to share globally intercepted personal communications with the government’s 16 other intelligence agencies before applying privacy protections.

NYT March 1 – Obama Administration Rushed to Preserve Intelligence of Russian Election Hacking

In the Obama administration’s last days, some White House officials scrambled to spread information … about possible contacts between associates of President-elect Donald J. Trump and Russians — across the government … to leave a clear trail of intelligence for government investigators.

• The "alt-right website" that peddled all this?

By now you will have guessed it. It is the New York Times itself that reported (and slandered) the news about the Obama administration's surveillance of Trump and those associated with him.

The NYT and its editors now blames Trump for repeating, in a condensed tweet, the open and hidden assertions made in various reports by the New York Times itself.

There is zero evidence of any Russian involvement or hacking of the U.S. election. There is zero evidence of any collusion of Trump and those around him with Russia. There is zero evidence that any of the lunatic claims made in that Steele dossier, ordered up and financed by Trump's political enemies, are true.

Even if Trump's personal phone and email were not under direct wiretap, people near to Trump definitely were under communication surveillance. Inevitably such surveillance will have caught communication with and of the would be next president, Donald Trump. The Obama administration made sure that such taped communication would be widely distributed in raw form, guaranteeing future out-of-context leaks.

The Times knows all this and reported it – though often hidden in plain sight with misleading headlines and context.

Blaming Trump and others for repeating such reports is lame hypocrisy.

News & views …

(I am on an extended family weekend which includes some ceremonies and festivities. Therefore: light posting)

You may want to discuss if "Obama wiretapped Trump". Not mentioned at the link is the Obama abuse of classification discussed earlier here.

My guess on the wiretapping:

• The Obama administration did this at least before the election.
• The "official target" was not Trump but someone else.
• Nothing usable was found on Trump.

In its last months the Obama administration ordered the intelligence agencies to collect and distribute information of contacts between the Trump campaign and Russia. This to prevent any change by the Trump administration of the hostile policy towards Russia that the Obama administration instituted. The intent was also to give the intelligence services blackmail material against the Trump crew to prevent any changes in their undue, freewheeling independence.

The above is reported in a little discussed New York Times piece published yesterday. The reporting angle captured in the headline is biased to set the Obama efforts into a positive light: Obama Administration Rushed to Preserve Intelligence of Russian Election Hacking.

Make no mistake by straight-reading that headline. Not single shred of evidence has been provided that "Russia hacked the election" or had anything to do with various leaks of Clinton related emails. A lot of fluff and chaff was thrown around but not even one tiny bit of evidence.

The Obama effort was clearly to sabotage the announced policy of the incoming administration of seeking better relations with Russia. Obama intended to undermine the will of the voters by abusing instruments of the state.

Excerpts from the piece:

In the Obama administration’s last days, some White House officials scrambled to spread information about  … possible contacts between associates of President-elect Donald J. Trump and Russians — across the government. Former American officials say they had two aims: to ensure that such meddling isn’t duplicated in future American or European elections, and to leave a clear trail of intelligence for government investigators.

It is completely normal for any campaign, and especially an incoming administration, to have contacts with foreign government officials.

Cont. reading: Obama Ordered Abuse Of Intelligence To Sabotage Trump Policies

The last Syria thread noted:

South of Al-Bab the Syrian army is moving towards the Euphrates. It will cut off the Turkish forces path to Raqqa and Manbij.

That move concluded. The Turkish invasion forces are now blocked from moving further south. They would have to fight the Syrian army and their Russian allies to move directly onto Raqqa. They would have to fight the Syrian-Kurdish YPG and its U.S. allies to move further east.

For the first time since the start of the war the supply lines between Turkey and the Islamic State are cut off!

map by Peto Lucem bigger

Cont. reading: Syria – Erdogan’s Lost Bet – Trump Likely To Follow A Cautious Strategy