Ask HN: Do you believe the Russia hacking story?
60 points by apeace on Jan 8, 2017 | 37 comments
I'm interested to hear from security experts: have you seen any evidence of the claims in the media? From a technical perspective, do you believe that 1) Russia hacked the DNC and John Podesta, and 2) Russia provided exfiltrated data to WikiLeaks and under the pseudonym "Guccifer 2.0"?

Keep this on-topic for HN: what are the technical arguments being made that attribute these acts to the same attacker, and what are the technical arguments being made that the attacker is related to the Russian government?

I'm surprised that the tech community hasn't been more vocal in demanding evidence for these claims. In 2010, Bruce Schneier was skeptical of claims that Stuxnet was created by the U.S., or even targeted a specific nuclear enrichment facility[0]. Of course, he later agreed that evidence showed it had targeted the Natanz plant[1]. This is the skeptical and scientific approach I expect from the tech community. Am I missing something the rest of the community has seen?

[0] https://www.schneier.com/blog/archives/2010/10/stuxnet.html

[1] https://www.schneier.com/blog/archives/2012/02/another_piece_o.html



With regard to the first part of your first contention, that Russia hacked the DNC, read the Crowdstrike report[1]. That will contain the most technical indicators publicly revealed.

The second part, that Russia hacked John Podesta, is summarized mostly in these analyses.[2][3] Basically some actor used a single bitly account to create nearly 10,000 bitly links to sites that were obvious phishing domains for Google logins. Many of these links targeted people who only Russia would be interested in, for example, investigators of the MH17 shootdown, journalists and academics with a Russia focus, and organizations in the former Soviet states and Europe. Some of these domains were also linked to other campaigns known to be linked to APT28 or 29 (i.e., Russia).

Your second contention, that Russia provided exfiltrated data to Wikileaks, seems to rely mostly on classified intelligence. All the public evidence is circumstantial. Up to you to believe it or not.

[1]: https://www.crowdstrike.com/blog/bears-midst-intrusion-democ...

[2]: https://www.secureworks.com/research/threat-group-4127-targe...

[3]: https://www.threatconnect.com/blog/russia-hacks-bellingcat-m...


Read FireEye's reports about APT28 and APT29:

    http://www2.fireeye.com/rs/fireye/images/rpt-apt28.pdf
    https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf

They are finding various correlations, such as Russian language settings, compile timestamps matching Russian work days, malware activity ceasing on Russian holidays...

As a software developer, I can say that this "feels" par for the course for software developed in large organizations. The software does its job, but obvious things, such as not realizing the developer's workstation locale names are being added to the binary, are forgotten.

Note also that the accusations against Russia hacking the DNC aren't coming out of the blue. The same evidence was there already in July when the emails were published by WikiLeaks. It wasn't until after the election that pundits started to believe something other than Russia was behind the hack.


> APT28 had consistently compiled Russian language settings into their malware. The second was that malware compile times from 2007 to 2014 corresponded to normal business hours in the UTC + 4 time zone, which includes major Russian cities such as Moscow and St. Petersburg.

You'd think that a state-sponsored attack would be a little less careless. This seems like a rookie give-away and makes me wonder if this is made to look like Russia instead of being Russia. When I think of a state-sponsored attack, I automatically envision something in the realm of Stuxnet in terms of quality and the level of sophistication.
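The compile-time clustering the FireEye quote describes, as an added illustration that is not code from FireEye or from anyone in this thread: shift a set of compile timestamps into each candidate UTC offset and see which offset's Mon-Fri working-hours window explains the most of them. The sample timestamps are constructed, and the 09:00-18:00 window is an assumption.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample of PE compile timestamps (UTC, ISO 8601) for a
# hypothetical malware family; not values from any real report.
SAMPLE_COMPILE_TIMES_UTC = [
    "2013-03-04T05:12:00",  # Mon 09:12 at UTC+4
    "2013-03-05T06:40:00",  # Tue 10:40 at UTC+4
    "2013-03-06T10:05:00",  # Wed 14:05 at UTC+4
    "2013-03-07T12:30:00",  # Thu 16:30 at UTC+4
    "2013-03-08T07:15:00",  # Fri 11:15 at UTC+4
    "2013-03-12T13:50:00",  # Tue 17:50 at UTC+4
    "2013-03-09T08:00:00",  # Sat 12:00 at UTC+4 (weekend)
    "2013-03-11T22:00:00",  # Tue 02:00 at UTC+4 (night)
]


def working_hours_profile(times_utc, utc_offset_hours, start_hour=9, end_hour=18):
    """Shift each UTC compile time into the candidate zone and count how many
    fall in a Mon-Fri [start_hour, end_hour) window. Returns (hits, total,
    hour histogram, weekday histogram) so an analyst can eyeball the shape."""
    zone = timezone(timedelta(hours=utc_offset_hours))
    hours, weekdays, hits = Counter(), Counter(), 0
    for ts in times_utc:
        local = datetime.fromisoformat(ts).replace(tzinfo=timezone.utc).astimezone(zone)
        hours[local.hour] += 1
        weekdays[local.strftime("%a")] += 1
        if local.weekday() < 5 and start_hour <= local.hour < end_hour:
            hits += 1
    return hits, len(times_utc), hours, weekdays


def best_fitting_offset(times_utc, offsets=range(-12, 15)):
    """Return the UTC offset whose working-hours window explains the most
    compile times, with the fraction it explains. A strong peak is only a
    weak attribution signal: the compile timestamp is attacker-controlled
    and can be zeroed or forged (timestomping), so corroborate it."""
    scored = [(working_hours_profile(times_utc, off)[0], off) for off in offsets]
    hits, off = max(scored)  # ties resolve to the larger offset
    return off, hits / len(times_utc)


if __name__ == "__main__":
    off, frac = best_fitting_offset(SAMPLE_COMPILE_TIMES_UTC)
    hits, total, hours, days = working_hours_profile(SAMPLE_COMPILE_TIMES_UTC, off)
    print(f"best fit UTC{off:+d}: {hits}/{total} in Mon-Fri 09:00-18:00")
    print("by hour:", dict(sorted(hours.items())), "by weekday:", dict(days))
```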


So we have:

   a) Not enough evidence that it was Russia!
   b) Too much evidence, it can't have been Russia!
:)

Remember how Edward Snowden, a low-level contractor, was able to run away with all the NSA's big secrets? Government enterprises are characterized by cluelessness and political in-fighting, not sophistication.


What you're saying is, it looks like Russia, so it wasn't Russia. But if it didn't look like Russia, then maybe it would have been Russia.


Perhaps I shouldn't have made such a wild claim. I was just taken aback at the lack of competence due to lots of giveaways hidden in plain sight. Hard to believe that a state-sponsored cyber espionage actor doesn't realize that the first thing investigators would do is disassemble the executable once it's discovered. I guess everything's possible. @bjourne does make a good point in his reply.


Did you ever consider the Russians didn't care if they were caught or intentionally left clues to let the American Administration understand that they were responsible?


- Russia's GOV work hrs are 0800 thru 1800 (not 0900-1700)
- Lunch 1300-1500, never before noon
- Last DST happened in 2010


Correlation doesn't imply causation. https://en.wikipedia.org/wiki/Correlation_does_not_imply_cau... The question is about technical specs.


I scanned through the 25-page unclassified report released a couple of days ago. I found no technical details, which I'm afraid means that the question devolves to whether you trust the FBI, CIA, and the NSA, (plus the non-technical arguments about Putin's motivations in the report, which I found reasonably compelling).

It seems to me that it would be difficult to get all three agencies to agree that Russia was behind the DNC email hack if that weren't true, so I suspect it's probably true, but not with great certainty.


That lack of technical details is pretty much all I need to hear. The whole thing smells of politics. The media have certainly been trying to conflate all of it in an attempt to make people think Trump's victory is invalid - and even worse, a plot by Putin.


If this is true, I really have to wonder why there is no evidence of this. Gov't already had their chance to release evidence in their 25-page JAR report, but after reading it, I found 0 evidence of Russia being responsible for the DNC hack.


Watching so-called "liberals" defending the CIA is really the icing on the cake for the last 8 years. The tribalism in this country transcends principles. As long as your team is the one winning, it doesn't matter what it does. If your team is losing, no alliance is too strange, no principle is too important to be cast aside in pursuit of destroying the enemy.

Do I like Donald Trump? Not a chance. Does my dislike of Trump make me more conducive to believe spies and spooks more than I did before November? Not really.


I think you are creating a strawman. One does not have to approve of the CIA to think that they are correct. Indeed, if one believes the CIA and NSA are adept at collecting intelligence on the American people, it follows that they might also be good at collecting it on Russia. There does not have to be an "alliance" to agree on established facts.

Indeed, I would argue that your point that if one disapproves of CIA tactics then everything the CIA says or asserts is now somehow in question is probably more "tribalistic" than viewing data and agreeing on facts. That smacks of conspiracy theory.

Whether or not this makes any of this true is another story, but tribalism is a bad response.


How much one decides to believe a particular statement from organizations that claim never to be able to provide proof is entirely dependent on one's need for that statement to be true. If that statement provides for the destruction of "the other side" people are much more likely to believe it.

>everything the CIA says or asserts is now somehow in question

The CIA is an agency where everyone is taught to lie. They of course call it something else, tradecraft, but they are, by profession, liars. A good spy knows to trust no one, especially not other spies.


What is the motive for the CIA to lie?


Is this a serious question?


Watching various media outlets they tend to say something along the lines of: "Russia hacked the election!". Reporting on the hack of the DNC / Podesta, followed by saying that Russia attempted to influence the US election. Both of which are documented and true events. However they attempt to conflate the two in presentation into the literal "Russia hacked John Podesta and Clinton to help Trump". Which is not justified from the limited amount of information available. Similarly they will talk about voting machine hacks, followed by Russia's attempted influence, and in presentation giving you the impression that "Russia hacked US voting machines".


I think the first (Russia hacked to install Trump) is more likely than the second (Russia successfully hacked US voting machines). I draw this conclusion only because of things I had noticed long before the hacks came to light, mostly Trump's ambiguity regarding his relationship with Putin and Russia from a business point of view. It didn't help his position when he started appointing Russia-friendly cabinet members.

Still, I don't think you can draw a direct line from Trump to Putin regarding the hacks themselves; in other words, Trump didn't order the attacks, he just reaped the benefits.


> in other words, Trump didn't order the attacks

Yep, he did not order it, he only asked kindly for some help

> “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing,”


Absolutely this. If he were transparent about his financial dealings we would know how much Russia really means to him.

My guess is Putin has compromised Trump and Trump as POTUS benefits Russia greatly.


The hack was cheap, low-tech phishing and social engineering. Almost anyone could have sponsored it. That makes it difficult to attribute to anyone in particular.


There are 3 possibilities:

1) Russia hacked the election

2) Russia did not hack the election but the intelligence community wrongly believes they did

3) Russia did not hack the election and the intelligence agencies don't believe they did but have decided to lie to the American people for their own reasons.

Some of the reasons to believe they did:

[1] They had the motivation

[2] They have the capability

[3] They have done similar attacks in the past (as has the US)

[4] Russian linked hacking groups like Fancy Bear have been tied to the attacks

[5] The choice of targets and leaked information appeared to benefit Russia.

I think there is enough evidence to point to Russia hacking as the most probable explanation.


The Podesta emails were acquired by someone who downloaded them from gmail after Podesta voluntarily gave his password in response to a standard mass phishing email that many other people got as well. I don't think this is reasonably called hacking, it's more social engineering or scamming. It also doesn't seem to be spear phishing (a targeted attack) given that large numbers of people got the same emails.

Wikileaks says the DNC leaks were given to them personally by an insider. This is not a hack either.

Did foreign state intelligence services hack or try to hack servers of political operations in the US? Undoubtedly. That's their job and we've seen that there's not a lot of sense or security awareness by a lot of politicians, so it's likely a lot gets through.

Did foreign states give the info to Wikileaks? There's no evidence of that, and there's evidence from those who are in a position to know, such as Wikileaks, to the contrary.


> I don't think this is reasonably called hacking, it's more social engineering or scamming.

The vector doesn't matter.

The mark of sophistication is not that they use highly technical vectors, but that they know how to use their toolbox, and social engineering remains one of the most powerful tools in there.

Data was still exfiltrated without consent. That's hacking.


Is there hard proof though that the Podesta leak was just a mass phishing by-catch and it was nothing else? It would be trivial for a hacker to place false emails as a red herring.

What I find more interesting than the origin of the leaks is that almost nobody is talking about their content. Little in the US, almost not at all internationally. The only reporting about the Podesta leaks I noticed was that they occurred, and that some people described as cranks were discussing them on reddit - but at least in Germany no discussion of the contents, and in US media not much more. Same for the DNC leaks. The "pied piper" memo, where Democrats were hoping Trump would win the primaries... And how they tried to undermine Sanders - how did that not cause more outrage?


I understand why Wikileaks refuses to announce their sources, but I really wish they would in this case. I would love to see the shake-up if they were to show proof that the DNC leaks were provided by the late Seth Rich[1], for instance.

[1] https://en.wikipedia.org/wiki/Murder_of_Seth_Rich


Researchers traced the phishing link back to a bitly account that wasn't password protected. When they saw the other links in the account, they were able to decode the email address each link corresponded to. This unveiled that gaining access to Podesta's emails was part of a coordinated attack against the Clinton campaign. See http://motherboard.vice.com/read/how-hackers-broke-into-john...

The second question is one of attribution (i.e. "Who did it?"). That's harder. I believe it was the Russians, but that's based more on faith in the U.S. and British intelligence services getting this one right than a smoking gun linking back to the Kremlin.


EXECUTIVE SUMMARY: Trump had RT and Fox News. Clinton had MSNBC, CNN, Politico, NY Times, Washington Post, and most other MSM.

The whole report sounds so whiny and political. It reminds me of the ever-going effort by the left to dismiss Fox News (or flip the tables, it's the same thing). It's an admission that the news that got out, justly or unjustly, wasn't the news they wanted to get out.

The media still purposely confuses the story. It was never about voter machine/count hacking. It was about narrative and whether or not the leaks changed hearts and minds.


I'm not inclined to trust the US government, but more importantly it seems like the focus on Russia is a distraction (whether or not Russia is responsible). What's important is the content of those emails.


[deleted]


You should read up on the history of political primaries. The majority of our history, the parties chose the candidate outright. Now we have a mixed system, with some electors chosen by open voting and some by party leadership. The idea that the party having an opinion and influence on the candidate selection undermining democracy is deeply ignorant of our history.


you might want to take this to reddit or any other playground...


This is a bizarre question. It's tantamount to asking "do you think the FBI and CIA lied to the American people?"


When you put it that way...

What about Iraq? Or MKUltra, or Iran-Contra?

That does not mean they lied this time, but that context makes this question less bizarre than many seem to think


Well, we know they're constantly lying by omission. Is it such a stretch to believe they'd actively lie as well?


Not so much lie as be mistaken. There's a lot of groupthink in these agencies. Remember WMD?


I think the U.S. is very behind when it comes to cybersecurity. We are throwing kids who are talented into prison and giving them felonies at a young age because the U.S. does not understand them. If they get a felony for minor drug possession or messing around online as a teen, they have this negative feeling towards law enforcement and choose the private sector.

But hey, isn't the private sector the new law enforcement? I recall the FBI not even requesting the DNC server for forensic analysis, we just passed it off to a 3rd party. https://www.buzzfeed.com/alimwatkins/the-fbi-never-asked-for...



