Profile picture
Robᵉʳᵗ Graham 🤔 @ErrataRob
, 18 tweets, 3 min read Read on Twitter
1/ As a cybersec/hacking expert, I'm not sure I have much useful to add to the Mueller indictment of GRU officers in the hack of DNC. But that's not going to stop me from giving a few opinions anyway.
2/ Two years ago, I would've consoled that while we know it's Russians, we don't know that it's Putin. A lot of Russian hacking, as demonstrated by the so-called "Internet Research Agency", is not really tied to the Russian government, despite being pro Russian government.
3/ It's like soldiers in Ukraine. A lot are Russian mercenaries armed and paid for by Russian oligarchs, and not necessarily official Russian military. Disentangling this for proper attribution is hard.
4/ But now we have clear evidence pointing to which named GRU officers were involved in the DNC hacks, and which specific things they did. This should change your view of Putin's responsibility.
5/ Let's talk bitcoin. Yes, their technique of mining bitcoin themselves is an excellent way to get anonymous currency. But, if you pay for everything out of that same account, including things clearly attributable to you, then all those things become associated together.
6/ Bitcoin is pseudonymous not anonymous. If you mine it yourself, you need lots of addresses with small amounts, not one address with a large amount, because that ties all payments together.
7/ The Russian attacks were based on "phishing", sending emails designed to trick people. It's not really computer hacking, but human hacking, getting humans to disclose their passwords or install viruses/malware.
8/ Phishing is our primary nation state hacking threat, but organizations do little to defend against it. Sure, many solutions are hard, but many others are pretty straightforward, such as two-factor authentication.
9/ And I'll admit, two-factor authentication is harder and more costly than many of its proponents admit, but that's often because it's done wrong, such as requiring daily re-authentication to get email.
10/ The Russian hackers were lame. I don't know if there are other Russian hacker units doing smart things we haven't heard of, or whether they are all just as lame. I suspect they are a lame, at least the government ones.
11/ I mention this because smart hackers are able to earn a ton more money outside of their government, and are able to do much more creative hacks, and therefore long term, are probably more a threat than GRU hackers.
12/ Some of the "hackers" named in the indictment are just IT support, mere office workers maintaining computers, writing code, mining coins, etc. The actual hackers are just the tip of a very long spear.
13/ We idolize the "hackers" as the technical geniuses, but in the indictment, we see those doing the actual hacking as being probably those with the least technical skill. It's the IT workers with the technical skills.
14/ Hacking is less a factor of hackers being smart, but defenders being weak. The DNC computers were weak. Humorously it appears Hillary's infamous private email server was strong and un-hacked.
15/ I see political tweets that go off the rails on both sides of this, either ignoring clear evidence of Russian influence on the election, or pretending Trump was more involved than he was. Please stop that.
16/ Until Mueller comes up with something else, this isn't about Trump but about the Russians. They committed many felonies in order to influence our election and we should care about that, regardless who won the election.
17/ Indeed, it seems the goal of their meddling was less about supporting any one candidate and more about causing us to fight against ourselves. So the more you politicize this, one way or the other, the more Putin wins.
18/ Influence hacking is like terrorism, it can't work unless we give into it.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Robᵉʳᵗ Graham 🤔
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!