All of the available evidence however does in our opinion suggest that the group operates on behalf of the Russian Federation. Kaspersky noted that based on the compilation timestamps, the authors of the Duke malware appear to primarily work from Monday to Friday between the times of 6am and 4pm UTC+0 [11]. This corresponds to working hours between 9am and 7pm in the UTC+3 time zone, also known as Moscow Standard Time, which covers, among others, much of western Russia, including Moscow and St. Petersburg.”
However, since we know the NSA has altered the time stamps on previous programs, it would be a simple matter for them to also alter the time stamps on Cozy Duke. Here is a quote from Kaspersky about why they never attribute any cyber weapon to any nation:
“Cyber-spies can stage false-flag operations: the evidence we use to attempt to identify attackers includes timestamps, words in particular languages in the malware code, names or nicknames, and the geographical locations of the command-and-control servers used. But such evidence is always circumstantial and can easily be forged.”
http://media.kaspersky.com/en/Duqu-2-0-Frequently-Asked-Questions.pdf
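
The working-hours analysis described in the two quotes above, as an added example that is not part of the original document: it reads the compilation timestamp from an executable header and measures what share falls in a Monday-to-Friday, 9am-to-7pm window for a candidate UTC offset. It assumes Windows PE files; the sample timestamps and the helper `fake_pe` are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

def pe_timestamp(data: bytes) -> datetime:
    """Return the COFF TimeDateStamp of a PE image as an aware UTC datetime."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # After the signature: Machine (2), NumberOfSections (2), TimeDateStamp (4).
    # This is an ordinary header value written at link time, so the analysis
    # below describes what the field records, nothing more.
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)

def fraction_in_window(stamps, utc_offset_hours, start=9, end=19):
    """Share of stamps falling Mon-Fri with start <= hour < end in that zone."""
    if not stamps:
        raise ValueError("no timestamps to profile")
    tz = timezone(timedelta(hours=utc_offset_hours))
    local = [t.astimezone(tz) for t in stamps]
    hits = sum(1 for t in local if t.weekday() < 5 and start <= t.hour < end)
    return hits / len(local)

def window_share_by_offset(stamps, offsets=(-5, 0, 3, 8)):
    """Same measurement for several candidate offsets, for side-by-side reading."""
    return {off: fraction_in_window(stamps, off) for off in offsets}

def fake_pe(stamp: int) -> bytes:
    """Constructed minimal header: just enough bytes for pe_timestamp()."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<HHI", 0x14C, 1, stamp)

# Constructed sample compile times (UTC); not taken from any real sample set.
SAMPLES = [
    datetime(2015, 3, 2, 6, 30, tzinfo=timezone.utc),   # Monday
    datetime(2015, 3, 3, 11, 0, tzinfo=timezone.utc),   # Tuesday
    datetime(2015, 3, 4, 15, 45, tzinfo=timezone.utc),  # Wednesday
    datetime(2015, 3, 6, 7, 10, tzinfo=timezone.utc),   # Friday
    datetime(2015, 3, 7, 12, 0, tzinfo=timezone.utc),   # Saturday
]
STAMPS = [pe_timestamp(fake_pe(int(t.timestamp()))) for t in SAMPLES]

if __name__ == "__main__":
    for off, share in window_share_by_offset(STAMPS).items():
        print(f"UTC{off:+d}: {share:.0%} inside Mon-Fri 09:00-19:00")
```
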
It is therefore possible to imagine that the time stamps on the Cozy Duke code are valid and that it was therefore written by Russians. However, such a naive claim ignores all of the other evidence – especially the fact that all the Cozy Duke “call home” server IP addresses are in the US or in countries friendly to the US - which leads to the conclusion that it was the NSA that wrote Cozy Duke. If we conclude that the NSA wrote Cozy Duke, then we must also conclude that it was the NSA and not Russia that hacked the DNC servers. Since the NSA motto is to hack everything, it should not surprise anyone that the NSA was hacking DNC servers – because the NSA hacks all servers.
All of the above was reported and known prior to the DNC hacker attacks. Now that we have a better understanding of how Cozy Bear and Fancy Bear work, and the fact that both are far more likely to be NSA cyber weapons than Russian cyber weapons, let’s get back to the DNC hack.
Hack Everything… A Detailed Timeline of the DNC Hack, Page 29