As Donald Trump continues to downplay Russian cyberwarfare against the United States designed to help him win the presidential election, technical details are emerging.
The press gave a lot of attention to the sanctions against Russia announced yesterday. Republicans, including Senator Lindsey Graham and Speaker of the House Paul Ryan, reacted by saying these could and should have been harsher.
Some strong Trump backers say there’s no evidence of Russian involvement and Trump himself has suggested several times that the stolen electronic documents could have been procured by a sole individual, perhaps “somebody sitting on their bed that weighs 400 pounds.” Such statements deny the evidence-based conclusions of all U.S. intelligence agencies.
Evidence goes beyond the fact that the target and timing of the hacking helped Trump.
On the same day sanctions were announced, the FBI and Department of Homeland Security published a Joint Analysis Report about the activities of the Russian intelligence services (RIS).
Specifics include the following:
Technical Details
Indicators of Compromise (IOCs)
IOCs associated with RIS cyber actors are provided within the accompanying .csv and .stix files of JAR-16-20296.
Yara Signature
rule PAS_TOOL_PHP_WEB_KIT
{
meta:
    description = "PAS TOOL PHP WEB KIT FOUND"
strings:
    $php = " 20KB and filesize < 22KB) and
    #cookie == 2 and
    #isset == 3 and
    all of them
}
Per the report, these efforts were done “to compromise and exploit networks and endpoints associated with the U.S. election.”
Another report will be completed before Trump takes office.
Trump’s refusal to take Russian cyberwarfare seriously will continue to rankle foreign policy hands and members of the intelligence community. Over 60% of Americans want this to be investigated; only 33% do not.
The U.S. will not simply “move on,” as Trump said he prefers. There will be an investigation by Congress or an independent commission.