by Karl Bode





Stories Claiming DNC Hack Was 'Inside Job' Rely Heavily On A Stupid Conversion Error No 'Forensic Expert' Would Make

from the don't-trust-anonymous-sources-unless-you-agree-with-them dept

While we wait for the Mueller investigation to clearly illustrate if and how Russia meddled in the last election, there's no shortage of opinions regarding how deep this particular rabbit hole goes. While it's pretty obvious that Putin used social media and media propaganda to pour some napalm on our existing bonfires of dysfunction, just how much of an impact these efforts had on the election won't be clear until a full postmortem is done. Similarly, while Russian hackers certainly had fun probing our voting systems and may have hacked both political parties, clearly proving state involvement is something else entirely.

Quite fairly, many folks have pushed for caution in terms of waiting for hard evidence to emerge, highlighting the danger in trusting leaks from an intelligence sector with a dismal track record of integrity and honesty. There's also the obvious concern of escalating tension between two nuclear powers. But last week, many of those same individuals were quick to highlight several new stories that claimed to "completely debunk" Russia's involvement in hacking the DNC ahead of last year's election. The problem? These reports were about as flimsy as -- if not flimsier than -- the Russian hacking theories they supposedly supplanted.

In fact, these reports took things one step further by claiming that the hack of the DNC was something committed solely by someone within the DNC itself. This particularly overlong, meandering piece by The Nation, for example, claimed to cite numerous anonymous intelligence sources who have supposedly grown increasingly skeptical over the "Russian hacking narrative." Quite correctly, the report starts out by noting that while there's oodles and oodles of smoke regarding Putin's involvement in the election hacks, the fire (hard evidence) has been hard to come by so far:

"Lost in a year that often appeared to veer into our peculiarly American kind of hysteria is the absence of any credible evidence of what happened last year and who was responsible for it. It is tiresome to note, but none has been made available. Instead, we are urged to accept the word of institutions and senior officials with long records of deception. These officials profess “high confidence” in their “assessment” as to what happened in the spring and summer of last year—this standing as their authoritative judgment."

But that's where things get a little weird. The report repeatedly proclaims that a laundry list of anonymous "forensic investigators, intelligence analysts, system designers, program architects, and computer scientists of long experience and strongly credentialed" have been hard at work "producing evidence disproving the official version of key events last year." But one of the key conclusions by these experts -- and a key cornerstone of all of these stories -- makes absolutely no sense.

The reports lean heavily on anonymous cybersecurity experts calling themselves "Forensicator" and "Adam Carter," who purportedly took a closer look at the metadata attached to the stolen files. Said metadata, we're breathlessly informed, indisputably proves that the data had to have been transferred from inside of the DNC network and not over the internet, since the internet supposedly isn't capable of such transfer speeds:

"Forensicator’s first decisive findings, made public in the paper dated July 9, concerned the volume of the supposedly hacked material and what is called the transfer rate—the time a remote hack would require. The metadata established several facts in this regard with granular precision: On the evening of July 5, 2016, 1,976 megabytes of data were downloaded from the DNC’s server. The operation took 87 seconds. This yields a transfer rate of 22.7 megabytes per second.

These statistics are matters of record and essential to disproving the hack theory. No Internet service provider, such as a hacker would have had to use in mid-2016, was capable of downloading data at this speed. Compounding this contradiction, Guccifer claimed to have run his hack from Romania, which, for numerous reasons technically called delivery overheads, would slow down the speed of a hack even further from maximum achievable speeds."

That reads like a semi-cogent paragraph, but it's largely nonsense. 22.7 megabytes per second (MB/s) sounds impossibly fast if you don't know any better. But if you do the simple conversion from megabytes per second to megabits per second necessary to determine the actual speed of the connection used, you get a fairly reasonable 180 megabits per second (Mbps). While the report proclaims that "no internet service provider" can provide such speeds, ISPs around the world routinely offer speeds far, far faster -- from 500 Mbps to even 1 Gbps.
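The conversion described above, carried from file metadata through to a required line rate, as an added example (not code from the article or from the researchers it discusses). It assumes the metadata is a list of file sizes and last-modified timestamps with one-second resolution, decimal megabytes, a 5% protocol overhead and an optional compression ratio; the file records are constructed so that they total the article's 1,976 MB over 87 seconds, and the link tiers are rates quoted on this page.

```python
from dataclasses import dataclass

BITS_PER_BYTE = 8
MEGA = 1_000_000  # decimal prefix (assumption: the quoted "megabytes" are decimal)


@dataclass(frozen=True)
class FileRecord:
    """Per-file metadata entry. All sample records below are constructed."""
    name: str
    size_bytes: int
    mtime_s: int  # last-modified time in whole seconds


@dataclass(frozen=True, order=True)
class Rate:
    """Data rate held in bits per second so MB/s and Mbps are never mixed."""
    bits_per_s: float

    @classmethod
    def from_transfer(cls, n_bytes, seconds):
        if seconds <= 0:
            raise ValueError("transfer window must be positive")
        return cls(n_bytes * BITS_PER_BYTE / seconds)

    @classmethod
    def from_mbps(cls, megabits_per_s):
        return cls(megabits_per_s * MEGA)

    @property
    def megabytes_per_s(self):
        return self.bits_per_s / BITS_PER_BYTE / MEGA

    @property
    def megabits_per_s(self):
        return self.bits_per_s / MEGA


def observed_rate(records, timestamp_resolution_s=1):
    """Return (slowest, estimate, fastest) payload rates for a batch of files.

    The window runs from the earliest to the latest timestamp. Each timestamp
    is only known to timestamp_resolution_s, so the true window may be that
    much longer or shorter; the bounds show how little that changes the result.
    """
    total = sum(r.size_bytes for r in records)
    stamps = [r.mtime_s for r in records]
    window = max(stamps) - min(stamps)
    return (
        Rate.from_transfer(total, window + timestamp_resolution_s),
        Rate.from_transfer(total, window),
        Rate.from_transfer(total, window - timestamp_resolution_s),
    )


def wire_rate(payload, overhead_fraction=0.05, compression_ratio=1.0):
    """Line rate needed to carry a payload rate.

    overhead_fraction (packet headers, retransmits) and compression_ratio
    (on-the-fly compression) are assumptions, not values from the article.
    """
    if compression_ratio <= 0:
        raise ValueError("compression ratio must be positive")
    return Rate(payload.bits_per_s * (1 + overhead_fraction) / compression_ratio)


def links_that_fit(needed, links):
    """Names of the links whose capacity is at least the needed rate."""
    return [name for name, capacity in links.items() if capacity >= needed]


# Link tiers quoted on this page, all expressed in megabits per second.
PAGE_LINKS = {
    "20 Mbps": Rate.from_mbps(20),
    "500 Mbps": Rate.from_mbps(500),
    "1 Gbps": Rate.from_mbps(1000),
}

# Constructed records: 8 files x 247,000,000 bytes = 1,976,000,000 bytes,
# with timestamps spanning 87 seconds (the totals reported in the article).
SAMPLE = [
    FileRecord(f"file_{i}.bin", 247_000_000, 1_000_000 + t)
    for i, t in enumerate([0, 12, 25, 37, 50, 62, 75, 87])
]

if __name__ == "__main__":
    slow, best, fast = observed_rate(SAMPLE)
    print(f"payload: {best.megabytes_per_s:.1f} MB/s = {best.megabits_per_s:.1f} Mbps "
          f"(bounds {slow.megabits_per_s:.1f} to {fast.megabits_per_s:.1f} Mbps)")
    needed = wire_rate(fast)  # worst case for the link
    print(f"line rate needed: {needed.megabits_per_s:.1f} Mbps")
    print("links that can carry it:", links_that_fit(needed, PAGE_LINKS))
```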

And despite the report oddly pooh pooh'ing Romanian broadband's "delivery overheads," many Romanian cities actually have faster internet connectivity than either Russia or the States (check out Akamai's global broadband rankings). Bernie Sanders learned this last year when he unintentionally pissed off many Romanians when trying to highlight the dismal state of U.S. connectivity. Even then, the hacker in question could have used any number of tricks to hide his or her location and real identity from a high-bandwidth vantage point, so the claim that the hacker couldn't achieve 180 Mbps through a VPN is simply nonsense.

Obviously this raises some questions about what kind of cyber-sleuths we're talking about when they can't do basic conversions or look at some fairly obvious broadband speed availability charts. And it also raises some questions about why reporters thought flimsy anonymous experts were the perfect remedy to the other flimsy anonymous leaks they hoped to debunk. While The Nation couldn't even be bothered to do the simple calculation to determine that the speed of the connection used by the hacker was relatively ordinary, in a story titled "Why Some U.S. Ex-Spies Don't Buy the Russia Story," Bloomberg actually did the conversion to get the 180 Mbps speed, and still somehow told readers that such speeds were impossible:

"The VIPS theory relies on forensic findings by independent researchers who go by the pseudonyms "Forensicator" and "Adam Carter." The former found that 1,976 MB of Guccifer's files were copied from a DNC server on July 5 in just 87 seconds, implying a transfer rate of 22.6 megabytes per second -- or, converted to a measure most people use, about 180 megabits per second, a speed not commonly available from U.S. internet providers. Downloading such files this quickly over the internet, especially over a VPN (most hackers would use one), would have been all but impossible because the network infrastructure through which the traffic would have to pass would further slow the traffic."

Yes, all but impossible! Provided you ignore that DOCSIS 3.1 cable upgrades and fiber connections deliver speeds consistently faster than that all around the world every day -- including Romania. False claims and sloppy math aside, after the Bloomberg column ran, several actual, identifiable intelligence experts also came forward doubting the legitimacy of the supposed intelligence sources for these stories altogether:

Surrounded by raised eyebrows, The Nation is now apparently reviewing its story for accuracy after numerous people highlighted that a major cornerstone of the report was little more than fluff and nonsense. Bloomberg has so far failed to follow suit.

So again, there's certainly every reason to not escalate hostility between the United States and Russia with many details still obfuscated and investigations incomplete. And there's also every reason to view reports leaning heavily on anonymous intelligence insiders skeptically after generations of distortions and falsehoods from those same agencies. That said, if you want to debunk the anonymous claims of a growing number of intelligence insiders who claim Russia played pinball with our electoral process, perhaps running into the arms of even more unreliable, anonymous intelligence sources -- without checking your math -- isn't your best path toward the truth.


Reader Comments

  • TechDescartes, 16 Aug 2017 @ 7:56am

    Pai in the Sky

    "No Internet service provider, such as a hacker would have had to use in mid-2016, was capable of downloading data at this speed."

    As everyone knows, "10Mbps downstream and 1Mbps upstream is all one needs."

  • That Anonymous Coward, 16 Aug 2017 @ 9:35am

    Just because we don't have those speeds in the US, no one has those speeds.

    • None Ya, 16 Aug 2017 @ 9:50am

      Which speeds

      Not only are the speeds available in both the US and Romania, the underlying assumption that the files were necessarily moved back to Romania is completely bogus. Many years ago, when I was younger and stupider and words like Warez were popular, I used to regularly move stuff I wanted to download from a popular location to a private dump. The private dump would be a compromised server, often at a university or similar, with a fat pipe. It would take me a few seconds to move the stuff, at speeds far higher than my little ISP was capable of providing. But once I put them on my private dump, I could download them to home at my leisure, even if the public location got taken down. If you'd looked at the logs of the source server, you'd have seen me moving stuff at multimegabyte speed while I was connected to the Internet over a 14.4k modem.

      • Dark Helmet, 16 Aug 2017 @ 11:25am

        Re: Which speeds

        "Not only are the speeds available in both the US and Romania, the underlying assumption that the files were necessarily moved back to Romania is completely bogus. Many years ago, when I was younger and stupider and words like Warez were popular, I used to regularly move stuff I wanted to download from a popular location to a private dump. The private dump would be a compromised server, often at a university or similar, with a fat pipe. It would take me a few seconds to move the stuff, at speeds far higher than my little ISP was capable of providing. But once I put them on my private dump, I could download them to home at my leisure, even if the public location got taken down. If you'd looked at the logs of the source server, you'd have seen me moving stuff at multimegabyte speed while I was connected to the Internet over a 14.4k modem."

        Or, gee, maybe the hackers would have transferred the files to any of the multiple Russia properties they had in the country before Obama closed them under sanctions as a response to this very same hack....

  • Anonymous Coward, 16 Aug 2017 @ 9:37am

    try again

    "Error No 'Forensic Expert' Would Make"

    Everyone makes the dumbest errors. You cannot assign inhuman qualities to people just because the word "expert" appears next to their name. The entire premise that "because an expert said so" is bankrupt.

    Same as the "no true Scotsman" malarkey.

    Expert only means that human is less likely to make that mistake, not that it is impossible.

    • Anonymous Coward, 16 Aug 2017 @ 10:15am

      Re: try again

      I still don't know what the supposed conversion error is. 22.7 megabytes/s comes directly from the calculation, without conversion. So who converted wrong, and what value and units did they get?

      The statement that such speeds are impossible is wrong, but that has nothing to do with conversion and actually works against the "conversion error" argument because it results in a smaller number.

      • Anonymous Coward, 16 Aug 2017 @ 11:25am

        Re: Re: try again

        So I guess loading the story with hyperbole is fine then?

        Whatever... it's okay for you to use a fallacy when it suits your needs. This problem sets the stage where each new bit of hyperbole must top the last one until they are so stratospheric that sneezing towards the south could be taken as a nod to the racist past where people automatically assume they are a racist and therefore a Nazi and shot dead on the spot just trying to get home from work with a little hay-fever!

        Ya noe... kinda like what this very article is trying to explain?

        "Quite fairly, many folks have pushed for caution in terms of waiting for hard evidence to emerge, highlighting the danger in trusting leaks from an intelligence sector with a dismal track record of integrity and honesty. There's also the obvious concern of ramping up tension escalation between two nuclear powers."

        So chillax BITCH and stop being a butthurt hoe over it!

        See what I did there?

        It works entirely towards the conversation!

      • Baron von Robber, 16 Aug 2017 @ 12:49pm

        Re: Re: try again

        When talking about over the line speeds, it's in bits per second, not Bytes. So it's 10Mbs, not 10MBs. If somebody says MegaBytes, then conversion is needed. 8bit=1Byte

        • Anonymous Coward, 16 Aug 2017 @ 4:18pm

          Re: Re: Re: try again

          "If somebody says MegaBytes, then conversion is needed."

          Not really--but OK, let's say it's needed. How did this lead to an incorrect analysis, and where's the evidence of that? The only obvious mistake would be to assume 22.7 Mbit/s was needed, but that mistake goes in the wrong direction.

          • PaulT, 17 Aug 2017 @ 3:04am

            Re: Re: Re: Re: try again

            I would guess that the "expert" saw the file transfer speed was 22.7MBps and then looked at available internet speeds and saw that none were rated in MBps. Since Mbps is naturally a lower factor speed, he assumed that this means the speed was unattainable. Whereas if you convert it to Mbps, you see that it is perfectly attainable.

            This means he knows nothing about networks and should be prevented from presenting himself as an expert in any related field immediately.

            • The Wanderer, 18 Aug 2017 @ 10:40am

              Re: Re: Re: Re: Re: try again

              I think it's more likely that he:

              • Did the conversion.
              • Saw that 180Mbps was significantly higher than the speeds he could get from the ISPs in his own market, and that he remembered seeing advertised in general.
              • Assumed that a foreign country not on the list of known well-off, major-world-player countries would obviously have worse speeds than he could get in the US.
              • Concluded that the transfer must have been across a faster network than the Internet.

              The first critical error lies in the second (or possibly second-and-a-halfth) step: either assuming that the speeds available to him are representative, or failing to check the speeds being advertised more generally, even in the USA. (Because trans-180Mbps services are certainly available, even here. Look at all those gigabit-fiber-service projects that get so much news attention, however illusionary they sometimes turn out to be; for that matter, I'm pretty sure I've seen a 300Mbps service advertised by one of the big-name providers.)

              Even better would have been actually checking the speeds advertised by providers in Romania, but I'm not sure whether that would be practical for someone who doesn't know the local language, and by sheer statistical probability the "expert" in question probably didn't.

    • PaulT, 17 Aug 2017 @ 3:00am

      Re: try again

      It's more like - if someone makes this kind of basic mistake, they don't deserve the title of "expert" in the first place.

      "Same as the "no true Scotsman" malarkey."

      Not at all. "Expert" is by definition a title that's earned. Scotsman is a title given to every man born in Scotland, it's not earned through action thus the fallacy.

      If a person does things that mean that they have not earned the title of "expert", then they are not an expert. This is not a fallacy.

  • Warlordship, 16 Aug 2017 @ 9:42am

    Just because "Forensicator" doesn't wanna spring for big business style internet connections that can cost thousands of dollars a month for over a gbps speed, doesn't mean that everyone has to be using a Comcast "plus" plan that nets you 20 mbps for 69.99 a month.

    For example, an organization behind one of the two major political parties in the United freaking States might perhaps splurge on top of the line internet in order to not be restricted when it comes to getting or sending important information.

    • JEDIDIAH, 16 Aug 2017 @ 1:18pm

      Strange arbitrary limitations.

      They don't even have to "splurge". They can simply steal it like the other guy said. This has been going on since the BBS and Usenet days.

  • Ninja, 16 Aug 2017 @ 9:47am

    Google Fiber? Offsite server? I mean, really? You'd need to be living in a cave for quite some time to say it with a straight face.

  • Anonymous Coward, 16 Aug 2017 @ 9:53am (This comment has been flagged by the community.)

    Even if you had, disproving a disproof proves less than zero.

    Sheesh.

    You still need positives, kids, to support your wild claims.

    But glad to see the totally unsubstantiated assertions on Trump-Russia revived! Techdirt never disappoints me. Been a while since a copyright article re-written here, so I eagerly await more "give away and pray" and "sell T-shirts".

    • Anonymous Coward, 16 Aug 2017 @ 10:41am

      Re: Even if you had, disproving a disproof proves less than zero.

      Hey scooter how's that John Steele appeal coming?

  • Planetologist Kynes, 16 Aug 2017 @ 9:58am

    Download vs Upload

    I want to get out of the way that I think you're right. That said, in an article discussing reasonable "transfer" speeds, I think you've only made the situation less clear for folks that wouldn't "know any better" by not distinguishing upload and download speeds.

    You're right that download speeds of 180Mbps were prevalent in 2016, but this ignores the consideration that the upload could also be a bottleneck. In this case, I would have liked to see a little more detail on where the DNC servers are located because I don't know that part, or at least an admission that the lack of that information leaves open the possibility that the DNC handle their email about as well as Hillary Clinton did. If her server was on US consumer grade internet service, it's entirely possible that an upload from such a server would be unlikely to transfer data at a rate of 180Mbps. That's just as relevant to debunking the "security experts" as the fact that their download speed could easily have been higher.

    • Whoever, 16 Aug 2017 @ 2:47pm

      Re: Download vs Upload

      "You're right that download speeds of 180Mbps were prevalent in 2016, but this ignores the consideration that the upload could also be a bottleneck."

      They won't have a residential connection and most business Internet services provide symmetric speeds.

      Even Clinton's connection was almost certainly a business connection because it's not practical to run a mail server on most residential connections. If incoming and outgoing email to and from a residential connection is not blocked by the ISP (quite likely), then most SPAM filtering dumps email from residential connections as SPAM.

      • Anonymous Coward, 16 Aug 2017 @ 4:16pm

        Re: Re: Download vs Upload

        "They won't have a residential connection and most business Internet services provide symmetric speeds"

        People who break into servers often do it via other servers they've cracked. Even the NSA were found to do this. So the copy would go from one datacenter to another; the attacker can get the files through their home connection at their leisure. (It's good to work quickly—to have the transfer finished before anyone's noticed or acted on a security alert. And if in a few months they still haven't noticed, that's a good server to route other attacks through.)

  • Anonymous Coward, 16 Aug 2017 @ 10:23am

    Wasserman Hired Pakistani IT Workers

    I never heard of any Rumanians, but the Pakistani brothers that handled the DNC IT services are going to be standing trial soon. One is in jail and a warrant is out for the other. The rest of the family hightailed it back to Pakistan with some ill gotten gains.

    You can find the story around: Here is Fox News's report. http://www.foxnews.com/politics/2017/07/25/feds-arrest-it-staffer-for-wasserman-schultz-trying-to-leave-country.html

    • Anonymous Coward, 16 Aug 2017 @ 11:34am

      Re: Wasserman Hired Pakistani IT Workers

      So of course I had to look into this since it sounded interesting. A few things:

      1. He did not work for the DNC. He worked for the House of Representatives and/or specific Democratic members, including Debbie Wasserman Schultz. So connecting this to the DNC hack makes no sense.

      2. His arrest had nothing to do with his work. He apparently lied on a loan application, and was arrested for that.

      3. I can't find anything about a warrant being out for his brother.

      Most of it is just a bunch of conjecture claiming these guys had been stealing computers or something, which ended up getting them fired.

      • Anonymous Coward, 16 Aug 2017 @ 12:50pm

        Re: Re: Wasserman Hired Pakistani IT Workers

        I think we can assume these brothers had enough passwords and userIds to do everything Karl Bode and the Bloomberg story were masturbating themselves with. 8)

        We are going to have to wait until the trial begins and the FBI audits all the equipment and harddrives they captured for evidence. I have a feeling the whole supposed eastern country involvement is going to point at the CIA/NSA. The CIA is already on record hacking the Senate's network while Dianne Feinstein was head of the intelligence committee.

  • Anonymous Coward, 16 Aug 2017 @ 10:30am

    OK, then we only need who was the service provider at this exact point in time for the DNC. Possible-impossible talks are meaningless, if you can know exactly what were their current connection speeds... Anybody know their pipes in 2016?

    • JEDIDIAH, 16 Aug 2017 @ 1:22pm

      A big database sitting on a slow consumer line.

      Of course the real limitation here is the system being attacked and NOTHING else. Those limitations don't imply anything about the identity of the attacker. Those limits are something that ANY attack would have needed to deal with.

      The network is only ever as fast as its slowest link.

      This situation would have also impacted any use of that database by any actual authorized end users or applications.

  • Anonymous Coward, 16 Aug 2017 @ 10:32am

    His name was Seth Rich.

  • roebling, 16 Aug 2017 @ 10:33am

    Primary source

    Kim Dotcom, the recipient of the leaked emails, not anonymously named his source:
    http://www.dailymail.co.uk/news/article-4530996/Kim-Dotcom-claims-Wikileaks-Clinton-storm.html

  • Anonymous Coward, 16 Aug 2017 @ 10:45am

    Can you prove it wasn't space aliens ...

    pretending to be Russians? Huh? Well, can ya? I rest my case.

  • Anonymous Coward, 16 Aug 2017 @ 10:51am

    Funny thing is about all this bullshit? Not one person in the DNC, much less Hillary, has come out and said what was hacked wasn't true, just condemning how they got the information.

    So the Russians revealed bad information and intentions of Hillary and the DNC. Maybe they shouldn't have written those communications in the first place.

    Of course, they blame Snowden for revealing NSA misdeeds as well, but me, I believe he is a patriot and a hero. If Russians revealed the DNC tricks they played on their own supporters, so be it. Thanks for that Russia.

    • Anonymous Coward, 16 Aug 2017 @ 11:03am

      Re:

      "Thanks for committing international espionage." What are you a commie? Cause you ain't no patriot.

      • Anonymous Coward, 16 Aug 2017 @ 12:25pm

        Re: Re:

        Oh, look. ShareBlue has made it to Techdirt.

      • Anonymous Coward, 16 Aug 2017 @ 5:10pm

        Re: Re:

        Webster defines espionage: the things that are done to find out secrets from enemies or competitors. So, yeah, I suppose if you consider the people to be the enemy of the government, as you apparently do, then you might could call letting the people know what their government is doing behind their backs "espionage". The good kind.

    • Anonymous Coward, 16 Aug 2017 @ 12:24pm

      Re:

      Brazile tried, but the e-mails are DKIM-authenticated.

  • Mark Gisleson, 16 Aug 2017 @ 11:02am

    Can't speak to tech side

    Politically, Clinton's Nixonian DNC was more than willing to fake a false flag attack. They booted the election in unpardonable ways (ask any seasoned liberal activist if Clinton's campaign behaved rationally by ANY normal standards).

    This is their excuse, and for 10 months they've stonewalled any attempt at autopsy in their dead on arrival campaign.

  • Anonymous Coward, 16 Aug 2017 @ 11:11am

    Unit of measure for "influence"??

    As far as I can tell, there are only 2 ways that an election process can be tampered with - voter fraud at the polls and alleged "influence."

    But how does one measure the attribute of "influence?"
    What is the unit of measure for "influence?"
    How do you collect "influence" data, other than pre-election polls?
    How do you devise formulas to predict measurements or formulate Standards?
    How do you calculate "influence" values or establish Standards of "Influence?"
    How do you compare measured values with calculated values of "influence" in order to make comparisons?
    What would be an example of 1 unit of influence?
    What would be an example of greater or lesser influence?
    Where is the math?

    The unit of measure for school funding is the number of students. The measured value is derived by counting the number of students. The calculated value is derived by using the census. And the money always comes up short. Maybe somebody should ask Copernicus about the school funding formula.

    The same questions arise when discussing the weather. Is the measured value inconsistent with the calculated value? How do you calculate the weather? What is the formula? Is it based on a collection of measured values? What will the weather be next month? Next year? What is the Standard? What happens when the measured value does not live up to the Standard?
    Is there something wrong with the formula, or is there something wrong with the measurements?
    Where is the math?

    To even talk about "Influence" in an election, it seems that there should at least be a "greater than" or "less than" factor, even if there are no units of measure to provide actual or calculated values? The most junkiest of junk science will at least have that. But with this election influence, I can't even find out what is greater or lesser.

    Where is the math?

  • Anonymous Coward, 16 Aug 2017 @ 11:18am

    Revealing that the Dem primary was in the bag for Hillary is influencing the election, I agree. I agree that the Russians did it.

    So now what? I should forget that the DNC hosed their own voters in rigging the primary because Russians revealed it?

    Convince me that the DNC didn't act this way and I will be pissed that the Russians made up information to influence our election.

    Problem is, neither Hillary nor the DNC have ever tried to do that, they just focus on the messenger.

  • pegr, 16 Aug 2017 @ 11:40am

    The answer is obvious

    If I'm stealing thousands of files, I don't download them one at a time. I zip them up and download the zip file. Duh!

    • AdamCarter, 17 Aug 2017 @ 2:16pm

      Re: The answer is obvious

      Which causes CPU usage and creates a disk footprint that makes you far easier to detect.

      (We're talking a total batch of files at around 19Gb, of which the NGP-VAN archive's contents appear to be a subset)

  • Anonymous Coward, 16 Aug 2017 @ 11:58am

    So... I feel like it's still in the "really stupidly obviously debunkable/testable" zone rather than anything. We have no idea where the server or computer in question was located or what its uplink speed is. But in the US, if it wasn't collocated in a datacenter with high upload bandwidth, it is very very unlikely to have had 100+ megabit/s upload. Since nobody's done any reporting on the connection in question that I've found.

    • Phillip, 16 Aug 2017 @ 12:08pm

      Re:

      wrong, since May of 2016 when I moved, and I was not the first house in the neighborhood, I have had 1Gbps symmetric, up and down, at my house, pretty sure one of the two major political parties in the US can get the same or better service with all their connections and money

      • Anonymous Coward, 16 Aug 2017 @ 1:25pm

        Re: Re:

        "Can get" is really different than "has." All I'm saying is figuring out what kind of upload bandwidth and ISP/collocation they had should be stupid easy.

        And at least where I live (considered urban) there basically aren't any non-datacenter plans faster than 100d/10u today unless your location is pretty much next to main fiber backbone downtown where all the colos are. And I'm not even clear on whether the machine in question was on-prem at a business location or in a datacenter or what.

        So you could totally be right. I have no idea. All I'm saying is the reporting has been terrible.

  • Anonymous Coward, 16 Aug 2017 @ 12:14pm

    Well

    Observations that it was THE RUSSIANS rely on bias and innuendo....

  • Anonymous Coward, 16 Aug 2017 @ 12:26pm

    Also worth noting - compression and resumption

    Those of us who have frequent occasion to transfer large files or collections of them over inconveniently slow links often use on-the-fly compression to speed up the process. Modern compression algorithms are quite good and while their effectiveness varies with the particular data in play, it's not uncommon to see 10:1 ratios, and I've occasionally seen much higher (e.g., 25:1) with sparse data sets that included a great deal of redundant information.

    Note also that common tools like rsync incorporate the concept of incremental transfers: it's possible -- with the right rsync options -- to run a partial transfer, stop it, then start another one that picks up where the first one left off.

    If I were trying to exfiltrate a significant corpus of email data, then I'd use both these. The first to optimize use of the available bandwidth, the second to avoid having to start completely over if the connection dropped. This is definitely NOT esoteric stuff: any competent Linux/Unix admin uses it without even thinking about it.

    Bottom line: the "forensic experts" behind this nonsense lack basic sysadmin skills. Ignore them.

    • Anonymous Coward, 16 Aug 2017 @ 2:29pm

      Re: Also worth noting - compression and resumption

      That's not the issue.

      The transfer rate is known, so there is only one question: was that transfer rate feasible over the pipes that the DNC used? Yes or no?

      No Google fiber in DC, btw.

      • Scott Yates (profile), 16 Aug 2017 @ 2:41pm

        Re: Re: Also worth noting - compression and resumption

        How exactly is the transfer rate known? Does someone have the logs that show how fast the files were transferred? I have not seen that in the reporting anywhere. They all just spit out the file transfer rate.

        • AdamCarter (profile), 17 Aug 2017 @ 2:22pm

          Re: Re: Re: Also worth noting - compression and resumption

          See the Forensicator's blog, he explains the whole process in detail (relative modification timestamp differences) as well as explaining about the FAT filesystem anomalies discovered and other factors observed that this article and most articles critical of his research (or Lawrence's referencing of the research, to be precise) tend to omit in order to make a strawman out of transfer rate attainability.

          http://theforensicator.wordpress.com/

  • Truthiness, 16 Aug 2017 @ 12:55pm

    Hey, if "Anonymous Sources" say something is true, then by god it's absolutely accurate and above questioning. Don't you guys watch the news?

    Picking apart what they say makes you some kind of "-ist" I think.

  • John Souvestre, 16 Aug 2017 @ 12:56pm

    Stupid Conversion Error

    What conversion error? The speed they calculated is correct, just not expressed in the most common form - the one quite often preferred by data people rather than communications people.

    > "22.7 megabytes per second (MB/s) sounds impossibly fast if you don't know any better."

    No, it sounds slower - if you don't know any better. 22.7M is smaller than 180M, right?

    So the headline for your story is exactly opposite what you claim.

    Note: I don't dispute any of the other points you make.

  • Personanongrata, 16 Aug 2017 @ 2:28pm

    Hocus Pocus Alakazam

    This particularly overlong, meandering piece by The Nation, for example, claimed to cite numerous anonymous intelligence sources who have supposedly grown increasingly skeptical over the "Russian hacking narrative."

    The only anonymous source was the Forensicator. The other persons involved are from a group by name of VIPS (i.e. Veteran Intelligence Professionals for Sanity).

    These are a few of the persons involved with VIPS; they are not anonymous:

    William Binney, former NSA Technical Director for World Geopolitical & Military Analysis; Co-founder of NSA’s Signals Intelligence Automation Research Center

    Skip Folden, independent analyst, retired IBM Program Manager for Information Technology US (Associate VIPS)

    Edward Loomis, Jr., former NSA Technical Director for the Office of Signals Processing

    David MacMichael, National Intelligence Council (ret.)

    Kirk Wiebe, former Senior Analyst, SIGINT Automation Research Center, NSA

    So again, there's certainly every reason to not escalate hostility between the United States and Russia with many details still obfuscated and investigations incomplete.

    There have been no forensic investigations of DNC's servers by the US government. FBI has deferred to a group by name of CrowdStrike to examine the servers. CrowdStrike was hired by DNC and its co-founder Dmitri Alperovitch has ties to the Ukrainian government and is vehemently anti-Russian (conflict of interest?)

    Italicized/bold text below was excerpted from the website www.consortiumnews.com a report titled:

    Intel Vets Challenge ‘Russia Hack’ Evidence

    Full Disclosure: Over recent decades the ethos of our intelligence profession has eroded in the public mind to the point that agenda-free analysis is deemed well nigh impossible. Thus, we add this disclaimer, which applies to everything we in VIPS say and do: We have no political agenda; our sole purpose is to spread truth around and, when necessary, hold to account our former intelligence colleague

    https://consortiumnews.com/2017/07/24/intel-vets-challenge-russia-hack-evidence/

    Italicized/bold text below was excerpted from the website www.zerohedge.com a report titled:

    What Is CrowdStrike? Firm Hired By DNC Has Ties To Hillary Clinton, A Ukrainian Billionaire, And Google

    Recall that the FBI was denied access to the DNC servers by the DNC itself, and simply agreed to rely on the results provided by CrowdStrike, which as you can see has ties to all sorts of anti-Russia organizations and individuals. I find it absolutely remarkable that James Comey head of the FBI outsourced his job to CrowdStrike.

    http://www.zerohedge.com/news/2017-03-24/what-crowdstrike-firm-hired-dnc-has-ties-hillary-clinton-ukrainian-billionaire-and-g

  • Personanongrata, 16 Aug 2017 @ 3:21pm

    The Forensicator

    The Need for Speed

    Some reviewers have questioned the following conclusion in the Guccifer 2.0 NGP/VAN Metadata Analysis study.

    Conclusion 7. A transfer rate of 23 MB/s is estimated for this initial file collection operation. This transfer rate can be achieved when files are copied over a LAN, but this rate is too fast to support the hypothesis that the DNC data was initially copied over the Internet (esp. to Romania).

    Below, performance data is tabulated that demonstrate that transfer rates of 23 MB/s (Mega Bytes per second) are not just highly unlikely, but effectively impossible to accomplish when communicating over the Internet at any significant distance. Further, local copy speeds are measured, demonstrating that 23 MB/s is a typical transfer rate when writing a USB-2 flash device (thumb drive).

    Below, are some representative discussions on the subject of the 23 MB/s rate cited in the study.

    As we can see above, there was some confusion regarding the MB/s notation used in the analysis. The analysis uses MB/s as a short form of “Mega Bytes per second” as detailed in MB: Mega Bytes or Mega Bits? There is also some confused thinking that very fast local Internet transfer speeds in Romania will somehow make up for the very slow rates seen when traveling across Europe and then going trans Atlantic to Washington, DC. To further complicate matters, various independent experts have asserted that Guccifer 2 used a Russian-based VPN service (through an end point in France) to communicate with various people.

    In practice, actual transmission rates will fall well below the theoretical rates, because packets transmitted over the Internet have to transit many switches and must share bandwidth with other users. Further, copying multiple small files will increase the need for “hand-shaking” messages which further decreases the effective transmission speed. The only way to find the actual speeds that can be achieved is to run tests. The typical ISP provided “speed test” will show optimistic speeds, but they’re a start. The following graphic shows the result of a cable provider’s speed test.

    Link to full report:

    https://theforensicator.wordpress.com/2017/08/01/the-need-for-speed/#more-342

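Added example (not part of the comment above or of the linked analysis): one way a per-file listing of sizes and last-modified times can be turned into an implied copy rate, reported in both MB/s and Mbit/s. The listing, the 60-second pause threshold and the one-second timestamp resolution are assumptions made for illustration.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed listing: (name, size in bytes, last-modified time).
# Illustrative values only, not entries from the archive discussed above.
SAMPLE = [
    ("a.doc", 4_000_000, "2017-01-01 12:00:02"),
    ("b.xls", 45_400_000, "2017-01-01 12:00:04"),
    ("c.pdf", 68_100_000, "2017-01-01 12:00:07"),
    ("d.doc", 22_700_000, "2017-01-01 12:00:08"),
    ("e.zip", 90_800_000, "2017-01-01 12:13:30"),  # long pause before this one
    ("f.txt", 45_400_000, "2017-01-01 12:13:32"),
]

def implied_rate(entries, max_gap_s=60, resolution_s=1):
    """Bytes/s implied by sizes and mtime deltas, with error bounds.

    Assumption: files were written one after another and each mtime marks
    the end of that file's write. Deltas above max_gap_s count as pauses
    and are skipped. Each contiguous run can be off by one timestamp tick.
    """
    rows = sorted((datetime.strptime(t, FMT), size) for _, size, t in entries)
    total_bytes, total_secs, runs, in_run = 0, 0.0, 0, False
    for (prev_t, _), (cur_t, size) in zip(rows, rows[1:]):
        delta = (cur_t - prev_t).total_seconds()
        if delta > max_gap_s:
            in_run = False
            continue
        total_bytes += size
        total_secs += delta
        if not in_run:
            runs, in_run = runs + 1, True
    if total_secs == 0:
        raise ValueError("no usable timestamp deltas")
    slack = runs * resolution_s
    high = total_bytes / (total_secs - slack) if total_secs > slack else float("inf")
    return {"low": total_bytes / (total_secs + slack),
            "mid": total_bytes / total_secs, "high": high}

def in_units(bytes_per_s):
    """Same rate in megabytes/s (storage convention) and megabits/s (network)."""
    return {"MB/s": bytes_per_s / 1e6, "Mbit/s": bytes_per_s * 8 / 1e6}

if __name__ == "__main__":
    for label, rate in implied_rate(SAMPLE).items():
        print(label, in_units(rate))
```

A rate derived this way describes whichever copy last set those timestamps, and the spread between the low and high bounds shows how much a one-second timestamp tick matters over short runs.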

  • Richard Hack (profile), 16 Aug 2017 @ 8:10pm

    This article is not correct

    The Forensicator's point has been misinterpreted by a lot of people, including the VIPS.

    His point is not that you can't find high speed Internet. Indeed, 17 percent of the US population have access to Gigabit Ethernet to the home and business. Other countries, as noted including Romania, have higher speeds available. And you can also use 802.11n wireless to get the reported speeds.

    His point is that the speed cited - 23-28Mbps - is consistent with USB 2.0 flash drive speeds. And the date/time stamps, although capable of being modified, pretty well establish for logical reasons that the files were downloaded on the East Coast.

    What that does is make the Guccifer 2.0 narrative of hacking across the Atlantic from Romania come under serious question.

    You really need to read all The Forensicator's articles and updates to get the full picture. Don't rely on The Nation article alone.

    Guccifer 2.0 NGP/VAN Metadata Analysis
    https://theforensicator.wordpress.com/guccifer-2-ngp-van-metadata-analysis/

    You also need to read over the extensive analysis of the alleged "Guccifer 2.0" entity at Adam Carter's blog:

    Guccifer 2.0: Game Over
    http://g-2.space/

    The evidence does not prove that a DNC hack did not take place. It has, however, good circumstantial evidence that the story peddled by CrowdStrike/threatConnect/the government and Guccifer 2.0 is simply wrong.

    And that doesn't even address Sy Hersh's revelation that the FBI has a report that explicitly states that Seth Rich was in contact with Wikileaks and offered them DNC documents in exchange for money, and that Wikileaks had access to Rich's DropBox account. We will know more once Hersh finishes his "long form journalism" piece on the entire event. Hersh explicitly said that the entire Russiagate/DNC hack story was a disinformation campaign run by John Brennan at CIA.

  • Anonymous Coward, 16 Aug 2017 @ 8:16pm

    In fairness, Bloomberg is correct when it says 180 megabits per second is not commonly available from US providers. What is advertised and what is delivered are not always the same things.

  • Anonymous Coward, 17 Aug 2017 @ 3:17am

    This story is an inside job

    Comcast promoted it so people would think their low speeds are reasonable.

  • Adam Carter, 17 Aug 2017 @ 11:35am

    Rebuttal

    I've responded to Wemple (Washington Post), Uchill (The Hill), Biddle & Tait but the same observations are relevant to this article by Karl Bode as he uses the same tactics to undermine what is referenced by Lawrence in his article.

    http://g-2.space/distortions

  • Toom1275 (profile), 19 Aug 2017 @ 3:24pm

    Obvious troll is obvious
