re: So the DNC Server is Clearly Not Important to the Investigation
Posted on 7/17/18 at 8:23 am to Wolfhound45
quote:
So what did Crowdstrike examine to determine a hack had occurred? How did they arrive at their conclusions? It seems it is essential to know this.
quote:
When CrowdStrike came to the DNC, it moved quickly. Using a system called Falcon, a two-megabyte agent installed on systems without the need for a reboot, it profiled every action that occurred at a programme level on the hundreds of machines owned by the DNC. One clue might be a programme behaving abnormally; it might be the unusual transfer of millions of documents. "We're not looking at any personal data, any documents or emails," explains Alperovitch. "We're just looking at what is being executed."
Every action at a system level on the DNC's computers was recorded and checked against CrowdStrike's bank of prior intelligence (the company processes 28 billion computer events a day). "Almost immediately, Falcon started lighting up with a number of indications of breaches of the DNC network," Alperovitch says.
One question had been answered: there was definitely someone rummaging around the DNC servers. But who? CrowdStrike checked its records, seeing whether the methods used for the hack matched any they already had on record. They did. Two groups, working independently, were secreting away information, including private correspondence, email databases and, reportedly, opposition research files on Donald Trump. "We realised that these actors were very well known to us," Alperovitch says. This is because of a handful of small but significant tells: data exfiltrated to an IP address associated with the hackers; a misspelled URL; and time zones related to Moscow. "They were called FANCY BEAR and COZY BEAR, and we could attribute them to the Russian government."
Both the groups had a long rap sheet. COZY BEAR - which had been inside the DNC's system since the summer of 2015 - had previously hacked the White House and the US State Department. FANCY BEAR - which had breached the network separately in April 2016 - had hacked victims across the world, including the German Bundestag. The vulnerabilities were quickly closed, but the damage had already been done.
LINK
Posted on 7/17/18 at 8:25 am to Decatur
Why not just hand over the servers now and eliminate this entire line of questioning?
Posted on 7/17/18 at 4:21 pm to Decatur
quote:
installed on systems
So help a neophyte, isn't that another word for being installed on the server without a reboot?