Apparently it’s not your father’s CIA and NSA any more. Just as we have seen the IRS and every bureaucracy intensely politicized by hacks, the once-great U.S. intelligence community has degenerated into the snowflake generation like everything else.
Several computer security experts and Russia experts testified at the hearing. See C-SPAN video here. Kevin Mandia, Chief Executive Officer of FireEye, revealed—which he should not have done—one of the reasons that the U.S. intelligence community thinks that hacking was done by Russia.
Mandia said at time 1:46:41 that inside the software hacking tools used, the time stamps are overwhelmingly within business hours in the Moscow and St. Petersburg, Russia, time zone.
In other words, software is written in computer-language statements that humans can (sort of) read and write if trained in that language. When finished, the software is “compiled” from source code into an executable program, often named *.com or *.exe in the Microsoft Windows context. Apparently, those malicious tools have been found installed or uploaded onto the computers targeted for hacking. The compile step records the date and time of the build in the executable’s header, so that time stamp travels with the finished program wherever it is copied.
So their clue is that the software tools used were built during times that are business hours in Russia’s Western (primary) population centers. Because the time stamps very often fall within Russian business hours, they blame Russia for the hacking. (Actually Russia’s scientific centers are much farther to the East, in what used to be secret cities.)
What? The U.S. intelligence community thinks that computer nerds work on 9 to 5 schedules? Have you ever met a computer hacker? I have. I was a computer nerd. In high school, my sister declared that the computer on campus was my girlfriend.
Computer hackers as a group tend to work late into the night, sometimes obsessively. Computer nerds and hackers do not work normal business hours! Computer hackers do not work 9 to 5 jobs! Remember: They are trying to determine if lone wolf hackers or industrial espionage is responsible as opposed to the Russian government.
Even if there might be Russian computer experts on the payroll in Russia working 9 to 5, at the same time there are U.S. hackers up all night in the USA hacking away at 2:00 in the morning. So when it is “business hours” in Russia, thousands of computer enthusiasts are also awake all across the United States even though it is nighttime in the U.S.A.

I have been in Eastern Europe and Russia. I have hired Russian computer nerds to work on our computers when I was a manager at International Trendsetters in Riga, Latvia. If a computer hacker is active during business hours Moscow time, he is probably not in Russia. Not unless it is Moscow, Idaho. He is probably up in the middle of the night in Silicon Valley on California time. If the time stamp is in the middle of the night in the U.S.A., it is more likely to be a U.S. hacker (lone wolf or industrial espionage) than a Russian government hacker.
Furthermore, Europe and the Middle East are only a couple of hours’ difference from Moscow / St. Petersburg. Business hours in Tehran, Iran, overlap about 80% of the day with Moscow and St. Petersburg. If the geniuses who have taken over the CIA and NSA are tracking on business hours, they should be looking at Iran, not Russia.
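To make the compile-time clue concrete, here is a small worked example written for this page (it is not code from the hearing, from FireEye, or from any investigation). It builds a constructed, minimal Windows PE image whose COFF header carries a TimeDateStamp, reads that field back the way a header parser would, and then shows the same instant as local time in Moscow, Tehran and the US Pacific zone. The zone offsets are fixed assumptions for a June date (Moscow UTC+3, Tehran UTC+3:30, Pacific Daylight Time UTC-7) rather than a full time-zone database, and the sample timestamp is constructed.

```python
import struct
from datetime import datetime, timedelta, timezone

# Fixed offsets used for this illustration (assumed, not from the article).
# Moscow has been on UTC+3 year-round since 2014; US Pacific is UTC-7 in June (PDT).
# A real analysis should use zoneinfo so daylight-saving rules apply to every date.
ZONES = {
    "Moscow": timezone(timedelta(hours=3)),
    "Tehran": timezone(timedelta(hours=3, minutes=30)),
    "US Pacific (PDT)": timezone(timedelta(hours=-7)),
}


def build_sample_pe(timestamp: int) -> bytes:
    """Constructed minimal PE image: 64-byte DOS header + 'PE\\0\\0' + COFF file header.
    It is enough for header parsing and is not a loadable executable."""
    dos = bytearray(b"MZ" + b"\0" * 62)          # DOS header with the MZ magic
    e_lfanew = len(dos)                          # PE signature placed right after it
    struct.pack_into("<I", dos, 0x3C, e_lfanew)  # e_lfanew lives at offset 0x3C
    coff = struct.pack("<HHIIIHH",
                       0x8664,      # Machine: x86-64
                       1,           # NumberOfSections
                       timestamp,   # TimeDateStamp: seconds since 1970-01-01 UTC
                       0, 0,        # PointerToSymbolTable, NumberOfSymbols
                       0,           # SizeOfOptionalHeader (none in this stub)
                       0x22)        # Characteristics
    return bytes(dos) + b"PE\0\0" + coff


def pe_timedatestamp(data: bytes) -> int:
    """Read the COFF TimeDateStamp that the linker wrote into a PE image.
    Note for analysts: this is an ordinary 32-bit header field, so on its own it is
    weak evidence and is normally corroborated with other artifacts."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _machine, _nsections, timestamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    return timestamp


def local_time(timestamp: int, zone: str) -> datetime:
    """The same UTC instant expressed as wall-clock time in one of ZONES."""
    return datetime.fromtimestamp(timestamp, tz=ZONES[zone])


def in_business_hours(timestamp: int, zone: str, start: int = 9, end: int = 18) -> bool:
    """True when the local time is a weekday between 09:00 and 17:59."""
    t = local_time(timestamp, zone)
    return t.weekday() < 5 and start <= t.hour < end


def business_hours_fraction(timestamps, zone: str) -> float:
    """Share of a set of compile times that fall in that zone's working day,
    i.e. the kind of figure quoted as '98% during business hours'."""
    hits = sum(in_business_hours(ts, zone) for ts in timestamps)
    return hits / len(timestamps)


# Constructed sample instant: Tuesday 2016-06-14 08:30 UTC.
SAMPLE_TS = int(datetime(2016, 6, 14, 8, 30, tzinfo=timezone.utc).timestamp())

if __name__ == "__main__":
    image = build_sample_pe(SAMPLE_TS)
    ts = pe_timedatestamp(image)
    for zone in ZONES:
        t = local_time(ts, zone)
        print(f"{zone:18} {t:%a %H:%M}  business hours: {in_business_hours(ts, zone)}")
```

Run as a script, the one constructed timestamp reads as 11:30 on a Tuesday in Moscow, 12:00 in Tehran and 01:30 in the US Pacific zone, so a single header field is consistent with a Moscow office day, a Tehran office day, and a night owl in California all at once. The ordering of the hours is the real information; which story to believe has to come from other evidence.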
So this is the kind of Mickey-Mouse analysis we are getting out of our billion-dollar intelligence community? The other clues relied upon were even worse, akin to the entrails of goats: Getting to know the typing patterns of certain known hackers, guessing based on what the hacker targets … This is circular reasoning of the worst sort. Mr. Mandia testified:
We started getting better software in place beforehand so you can see keystroke by keystroke what they’re doing. Most senators don’t do command line execution but there are different commands you can type. There’s different letters you type in different orders. You start getting to know the attackers when you get that command level access to them. And it’s the malware they created, the IP addresses they used, the infrastructure they used, the people they actually target, the encryption algorithms, the password used, and the list goes on and on. We created a scheme in about 2006 on how you categorize the intelligence or the evidence or the forensics from an intrusion investigation, and we had over 650 different categories. I can’t go into all of them today. But trust me, you observe a group for 10 years or more, after a while we got the bucket right. APT28 to us is a bucket. Every time we respond to them there’s enough, you know, criteria to gather that APT28 is APT29 is APT29. APT1 was PL 698. We couldn’t see GRU or FSB [Russian intelligence services]. It isn’t available to us in trace evidence. I will give you one last example because it’s understandable. When you look at the malware that’s been used in these attacks and their compile times, 98% or higher is compiled during business hours in Moscow or St. Petersburg. That’s a pretty good clue. And whoever’s doing it speaks Russian.
This is specious guesswork and circular reasoning: Because one person appears to be typing like another person—sending commands in a certain order—therefore it must be the same person doing it? Nancy Drew would not fall for that! That’s sheer nonsense, a house of cards. That’s speculation built upon speculation. There are 7 billion people on the planet. The idea that if you happen to type commands in a certain order, therefore it must be a Russian hacker linked to the Russian government is absurd. This is particularly true when the order in which commands are sent is narrowed by technical necessities of how computers work. It is not like writing poetry with literary license.
But notice how Mandia admits “We couldn’t see GRU or FSB. It isn’t available to us in trace evidence.” That is, there is absolutely no evidence that Russian intelligence was behind the hacking. Case closed.
Instead we have the “CSI effect.” Amateur, wannabe Sherlock Holmeses and Hardy Boys now populating our billion-dollar intelligence services want to believe they can leap to conclusions based upon the hairs on the back of their neck or the dog that didn’t bark. Are we starting to see how they missed 9/11, the Tsarnaev Brothers, the rise of ISIS, the attack on Benghazi, etc., etc.? Apparently they are too busy reading Politico.