Moon of Alabama
May 14, 2020

NYT Falsely Blames Russia For Cyberattack Committed By British Hacker

The New York Times continues its anti-Russia campaign with a report about an old cyberattack on German parliament which also targeted the parliament office of Chancellor Angela Merkel.

Merkel Is ‘Outraged’ by Russian Hack but Struggling to Respond
Patience with President Vladimir Putin is running thin in Berlin. But Germany needs Russia’s help on several geopolitical fronts from Syria to Ukraine.

NYT Berlin correspondent Katrin Bennhold writes:

Chancellor Angela Merkel used strong words on Wednesday condemning an “outrageous” cyberattack by Russia’s foreign intelligence service on the German Parliament, her personal email account included. Russia, she said, was pursuing “a strategy of hybrid warfare.”

But asked how Berlin intended to deal with recent revelations implicating the Russians, Ms. Merkel was less forthcoming.

“We always reserve the right to take measures,” she said in Parliament, then immediately added, “Nevertheless, I will continue to strive for a good relationship with Russia, because I believe that there is every reason to always continue these diplomatic efforts.”

That alleged attack happened in 2015. The attribution to Russia is as shoddy as all attributions of cyberattacks are.

Intelligence officials had long suspected Russian operatives were behind the attack, but they took five years to collect the evidence, which was presented in a report given to Ms. Merkel’s office just last week.

Officials say the report traced the attack to the same Russian hacker group that targeted the Democratic Party during the U.S. presidential election campaign in 2016.

This is really funny because we recently learned that the company which investigated the alleged DNC intrusion, CrowdStrike, had found no evidence, as in zero, that a Russian hacker group had targeted the DNC or that DNC emails were exfiltrated over the Internet:

CrowdStrike, the private cyber-security firm that first accused Russia of hacking Democratic Party emails and served as a critical source for U.S. intelligence officials in the years-long Trump-Russia probe, acknowledged to Congress more than two years ago that it had no concrete evidence that Russian hackers stole emails from the Democratic National Committee’s server.
[CrowdStrike President Shawn] Henry personally led the remediation and forensics analysis of the DNC server after being warned of a breach in late April 2016; his work was paid for by the DNC, which refused to turn over its server to the FBI. Asked for the date when alleged Russian hackers stole data from the DNC server, Henry testified that CrowdStrike did not in fact know if such a theft occurred at all: "We did not have concrete evidence that the data was exfiltrated [moved electronically] from the DNC, but we have indicators that it was exfiltrated," Henry said.

The DNC emails were most likely stolen by its local network administrator, Seth Rich, who provided them to Wikileaks before he was killed in a suspicious 'robbery' during which nothing was taken.

The whole attribution of the stolen DNC emails case to Russia is based on exactly nothing but intelligence rumors and CrowdStrike claims for which it had no evidence. As there is no evidence at all that the DNC was attacked by a Russian cybergroup, what does that mean for the attribution of the attack on the German Bundestag to the very same group?

While the NYT also mentions that the NSA actually snooped on Merkel's private phone calls, it tries to keep the spotlight on Russia:

As such, Germany’s democracy has been a target of very different kinds of Russian intelligence operations, officials say. In December 2016, 900,000 Germans lost access to internet and telephone services following a cyberattack traced to Russia.


Ahem. No!

That mass attack on internet home routers, which by the way happened in November 2016, not in December, was done with the Mirai worm:

More than 900,000 customers of German ISP Deutsche Telekom (DT) were knocked offline this week after their Internet routers got infected by a new variant of a computer worm known as Mirai. The malware wriggled inside the routers via a newly discovered vulnerability in a feature that allows ISPs to remotely upgrade the firmware on the devices. But the new Mirai malware turns that feature off once it infests a device, complicating DT’s cleanup and restoration efforts.
This new variant of Mirai builds on malware source code released at the end of September. That leak came a little more than a week after a botnet based on Mirai was used in a record-sized attack that caused KrebsOnSecurity to go offline for several days. Since then, dozens of new Mirai botnets have emerged, all competing for a finite pool of vulnerable IoT systems that can be infected.

The attack has not been attributed to Russia but to a British man who offered attacks as a service. He was arrested in February 2017:

A 29-year-old man has been arrested at Luton airport by the UK’s National Crime Agency (NCA) in connection with a massive internet attack that disrupted telephone, television and internet services in Germany last November. As regular readers of We Live Security will recall, over 900,000 Deutsche Telekom broadband customers were knocked offline last November as an alleged attempt was made to hijack their routers into a destructive botnet.
The NCA arrested the British man under a European Arrest Warrant issued by Germany’s Federal Criminal Police Office (BKA) who have described the attack as a threat to Germany’s national communication infrastructure.

According to German prosecutors, the British man allegedly offered to sell access to the botnet on the computer underground. Agencies are planning to extradite the man to Germany, where – if convicted – he could face up to ten years imprisonment.

The British man, one Daniel Kaye, pleaded guilty in court and was sentenced to 18 months imprisonment:

During the trial, Daniel admitted that he never intended for the routers to cease functioning. He only wanted to silently control them so he can use them as part of a DDoS botnet to increase his botnet firepower. As discussed earlier he also confessed to being paid by competitors to take down Lonestar.

In Aug 2017 Daniel was extradited back to the UK to face extortion charges after attempting to blackmail Lloyds and Barclays banks. According to press reports, he asked the Lloyds to pay about £75,000 in bitcoins for the attack to be called off.

The Mirai attack is widely known to have been attributed to Kaye. The case has been discussed at length. IT security journalist Brian Krebs, whose site was also attacked by a Mirai botnet, has written several stories about it. It was never 'traced to Russia' or attributed to anyone else but Daniel Kaye.

Besides that, Bennhold writes of "Russia’s foreign intelligence service, known as the G.R.U.". The real Russian foreign intelligence service is the SVR. The military intelligence agency of Russia was once called GRU but has been renamed to GU.

The New York Times just made up the claim about Russia hacking in Germany from absolutely nothing. The whole piece was published without even the most basic research and fact checking.

It seems that for the Times anything can be blamed on Russia, completely independent of what the actual facts say.

Posted by b on May 14, 2020 at 14:38 UTC | Permalink


In the NOW

China’s getting all of your attention now, but there’s always someone waiting in the shadows…

Posted by: Mao | May 16 2020 10:24 utc | 101

Posted by: Jackrabbit | May 16 2020 1:02 utc | 97 And here we see the result of your hand-waving: establishing the starting point of any discussion as the acceptance of Seth Rich as an actual person who actually died.

There comes a point where conspiracy theory becomes stupidity. If you want to believe Seth Rich never existed, be my guest. I'm not going to waste my time on that level of nonsense - especially absent the *slightest* evidence that this is even possible, other than general paranoia.

What's that old George Carlin line? "Man, the Sixties were good to you!" LOL

Posted by: Richard Steven Hack | May 16 2020 11:17 utc | 102

RSH @ May16 2020 11:17

If you want to believe Seth Rich never existed, be my guest

Well, that's why I included the description of White Helmets. Yeah, they exist but their actual purpose is hidden. And the solution to the Seth Rich 'mystery' may end up being something along the same lines.

The point is, I question everything about Seth Rich and his death because the info we have doesn't add up.


Posted by: Jackrabbit | May 16 2020 13:15 utc | 103


Seth Rich is and was a real person. So was Lee Harvey Oswald. Trying to get much further is nearly impossible. Which tells you what you are up against.

Anyone who tries to confound did he exist with did he die is a gatekeeper. They are here.

One look at any photo of Rich tells me he is bloated on roids and on beer. Total elitist, total snob, wears the look of one who knows deep down his ticket has been punched. If you want to know more start working on his name, start working on his family. This is America where we were all born yesterday. The elite do like their names, nearly always use real names, assume no one notices. Take notice and you will make discoveries.

Posted by: oldhippie | May 16 2020 15:25 utc | 104

Jamie Grierson and Hannah Devlin

Sun 3 May 2020 16.12 BST, The Guardian

Hostile states are attempting to hack British universities and scientific facilities to steal research related to Covid-19, including vaccine development, cybersecurity experts have warned.

The National Cyber Security Centre (NCSC) said the proportion of such targeted cyber-attacks had increased, branding the criminal activity “reprehensible”.

It is understood that nations including Iran and Russia are behind the hacking attempts, while experts have said China is also a likely perpetrator.

It always puzzles me why Tuvalu is omitted from the lists of suspected hostile states. Perhaps an innocent omission, but I suspect something deeper and darker. That said, I need to extend my dictionary. Some old entries

"intellectually incurious" -- dumb as a doorknob, but the latter phrase is not applied to current and former Presidents of USA

"often misunderstood" -- very mean and very annoying bastard, when we wish to avoid that phrase. Usually because of social standing, but I have also seen it in a public TV program on animals, and wolverine is "often misunderstood". Badmouthing the subject is not good form, but the scene was breathtaking. A rabbit jumps on the snow in a forest. Wolverine spots that and climbs a tree. Fox spots the rabbit and starts the chase, few dramatic minutes. Fox kills the rabbit. Wolverine climbs down, chases the fox away and dines.


In the same article: Meanwhile, a dossier prepared by governments for the so-called Five Eyes nations, an intelligence alliance between Australia, Canada, New Zealand, the UK and the US, alleges that China deliberately suppressed or destroyed evidence of the coronavirus outbreak. The move cost tens of thousands of lives, according to the document obtained by the Australian Daily Telegraph, which lays the foundation for a case of negligence being mounted against China.

"dossier prepared by governments" -- [you fill the blanks]

Posted by: Piotr Berman | May 18 2020 6:26 utc | 105
