Now that the Mueller report is out, there should be some clarification as to what it says about "hacking".
@tracybeanz
@RamsesGoat
@drawandstrike
@dekdarion
@realhublife
@dbongino
#MAGA

1) As a professional in the IT field, I find the information coupled with the conclusions in the report about this facet of the investigation to be woefully wrong. In this thread I'll go over it.

2) The word "appears" shows up many times in the sections referencing Russian cyber activity. The way it shows up doesn't show much confidence. No evidence or even a basic summary of the evidence for Russian "hacking" is ever provided.

3) For all the grousing over AG Barr's original summary of the report being incomplete...or something, The case made for Russian hacking here is extremely weak and seemingly based on media reports or the questionable sources of those reports.

4) Here are the facts. John Podesta used Google's Gmail service. Gmail is a web based e-mail system. Even when on mobile it's content still loads in a browser. E-mail messages from Gmail are NEVER saved to your computer when viewing them.

5) Everything you see in the Gmail window is loaded from Google servers and presented to you. You have to manually print or save those messages if you want them on your computer or phone. If you go back to a message it's loaded from Google again.

6) Podesta's Gmail account was "phished". Phishing is a social engineering tactic designed to trick you into giving up information like your password for accounts or your credit card into. You don't need to a computer to do this you can trick people into giving up info anywhere.

7) In an e-mail based phishing or "spearphishing" attack, an attacker crafts an e-mail designed to look like an official message from a bank, Google or some other company you may trust. it may scare you into thinking there is a problem with your account

8) in the message links are provided which usually lead to a web site which looks like a site from the company in the message. The web site however is fake and when you enter your info into that site, the attacker then has that info.

9) The advice is always DO NOT CLICK ON THE LINKS. You can tell if you look at where the links go that it isn't actually your bank or Google. In this case the attacker used a URL shortener.

10) Many people use URL shortener services to take long URLs and make them easier to read and perhaps type into a URL bar. They also obfuscate where the URL leads to. Unfortunately for the attacker, you have to register an account with these services to use them.

11) I always found it odd that this bread crumb would be left but whatever. An IP address was recorded for that account and traced to servers in Ukraine (funny how that place keeps popping up). Servers BTW also known to host exit nodes for the dark web. Trail end.

12) In Podesta's case and that of the DNC staffers who had Yahoo mail (another web based e-mail system) accounts compromised they were prompted to enter their e-mail passwords. In fact according to reports some DNC staffers clicked on those links as many as 3 times.

13) Once they have the password nobody needs to "hack" into anything they simply log in the same way the account holder would. Nobody's desktop, laptop or phone was broken into, the system accepts valid login credentials and whoever provides them is in.

14) Hacking exploits vulnerabilities in hardware and software, phishing exploits vulnerabilities in people. You didn't get hacked if someone tricks you into giving them your genuine login credentials for a web site. By all reports Podesta's password once was p@ssw@rd. Uh huh....

15) John Podesta was not "hacked". Neither were the DNC staffers. This distinction is important, because ALL transactions with their e-mail accounts had to go through Google or Yahoo.

16) In all the evidence provided for so-called "Russian hacking" literally nowhere is there a server log from Google or Yahoo showing a transfer of gigabytes of data (e-mails) going to a suspicious IP address.

17) There is however plenty of independently gathered evidence that when those messages were ultimately downloaded, they were then transferred to a solid state storage medium such as a USB memory stick, not transferred long distances over a network(s).

18) Independent computer forensic work has been done on this data and the data tells the story. This is the difference between a presentation by an information technology professional and ignorant people who binge watch NCIS and then think they know what "hacking" is.

19) and of course the difference between an IT professional and a biased, perhaps corrupt group who want to push a narrative and want to take advantage of you not knowing how this works.

20) Crowd Strike, the company who the DNC hired to investigate this "hacking" incident, also claimed that a file server at the DNC headquarters was hacked. This, if it actually happened IS a hacking attack. However Crowd Strike is the only party to have examined the file server

21) This file server (not an e-mail server), ironically is said to have been sitting next to a file cabinet broken into during the Watergate break-ins (either true or an unnecessary/weird embellishment to the story. You decide).

22) The claim is that malicious software was placed on this machine, presumably because a phished DNC staffer downloaded it. Which is why you don't open attachments in strange e-mails.

23) Their proof it was the Russians? A comment in the source code of the software which was in Russian. The problem? Hackers steal, trade and sell each other tools all the time. They modify the software often. A comment in the code in ANY language means exactly zero.

24) Because this hardware was never handed over in a proper chain of evidence to any authorities, we don't even know if it actually happened and the story is painfully weak. Crowd Strike has crystal clear conflicts of interest and we may soon find they broke laws in this affair

25) Having read the CS report I knew all this back then. Trying to tell people all this has been a stuggle. The most common refrain being "well maybe the CIA know more than you do". Well the reports have been issued the investigations done and no, they really don't.

26) I have said before that in many cases we are way too dazzled by technology for our own good. People who want to take advantage of that can do it easily. Contrary to what Mueller claims there is no proof the GRU hacked anything. Period. No proof Wikileaks worked with them.

27) The funny part about this is that the information derived from the DNC file server was the most boring and unsurprising information ever leaked about the DNC. Spreadsheets about donors and special favors is hardly a shock. The e-mails contained relevant info. Not "hacked"

28) I think Democrats need instead to focus on why people they wanted to be in charge of things, put information they claim was "vital to the integrity of the US election system" on Yahoo and Gmail.

29) Why did staffers keep clicking phishing links despite all the wornings out there about phishing? Could you do that at your workplace? What policies does your company have on these things?

30) After Hillary's private server debacle and this, do they have any place talking about security in government? Should they be trusted with unredacted reports?

31) We can debate who actually sent that data to Wikileaks, but the bottom line is the process wasn't harmed by the truth it was harmed by those trying to cover up the truth. /end

Addendum. In regard to our fascination with technology this also may be of interest.

https://twitter.com/Coder4Liberty/status/1117235759885561861