Regarding Mr. Douglass's discussion of hacking
6/13/2017 7:29:00 AM
To the Editor:
Having read the blunt assertions made by Mr. Jim Douglass in his May 16 letter, I am baffled by his claims regarding the ease of tracking hackers. My befuddlement has comparatively little to do with the ongoing debate of whether or not Clinton's campaign was compromised by state actors. Rather, I am curious about his glib assertion that hacking leaves an "instant trail" which can be traced unequivocally back to the origin of the attack. I tend to be deeply frustrated by these sorts of assertions, particularly when the writer provides neither evidence, arguments, nor credentials to build any sort of confidence in a claim made with such an extreme degree of certainty.
For the purposes of full disclosure, I am somewhat inclined to believe that a hacking group aligned with Russian interests compromised systems associated with the Clinton campaign, though I find the publicly available evidence for full-fledged state collusion lacking in key areas. However, I am a stickler for well-reasoned technical arguments, and it dismays me to see so many wild and baseless claims thrown out with little regard for how computers actually function in the real world.
What sort of trail does he have in mind? Something involving the IP address from which the attack originated? While it is true that many lazy, amateurish, and otherwise incompetent hackers are easily traced, it is not clear that this is true of coordinated groups acting with any meaningful degree of skill or forethought.
Many modern computer viruses are not designed to steal data on their own. Instead, they silently compromise machines to create what are called 'botnets.' An infected computer (which may be, for example, someone's computer in their home office) functions like a normal computer the majority of the time. However, hackers can readily access the infected computer and use it for their purposes, nefarious or mundane. Moreover, these botnets can comprise thousands or millions of machines.
Given this, simply looking at the access logs on the computer targeted by the hacker is not necessarily sufficient for tracing an attacker (assuming such logs are even reliable; competent attackers have techniques for destroying or manipulating them).
Tracking the origin of a cyberattack requires following a trail of computers. However, this can become exceptionally difficult; techniques like "onion routing" use strong cryptography to further obfuscate the trail of accesses. Recovering the identity of attackers who use onion routing isn't impossible, but it is generally neither trivial nor instant (to my knowledge; for all I know, the NSA may disagree). However, Mr. Douglass's assertion is not predicated on the impossibility of tracing hackers, but simply on the claim that hacking yields his so-called "instant trail."
In my mind, he is doing his argument an incredible disservice with his glib and poorly sourced assertions. One might even argue he is actively harming his own argument; much of the argument for Russian hacking (as I understand it) is predicated on the fact that the attack follows the methodology of hacking groups affiliated with Russia. A true analysis would likely require a deeper understanding of the information obtained by GCHQ, NSA, and other signals intelligence agencies. Clearly, this evidence is not forthcoming, for reasons which some will view as nefarious, and some will view as the ordinary prudence of intelligence agencies.
However, Mr. Douglass has not provided any sort of compelling technical argument for his position and his letter is weaker for it.
Posted: Tuesday, June 13, 2017
Article comment by:
An excellent and clear explanation by Mr. Vaughn. Sadly he fails to understand that this is a witch hunt, and that the McCarthyesque propagandists pursuing phantom witches could care less about facts.