
I think it is reasonable to be skeptical of government claims but it is also important to clearly distinguish between these two cases. In the WMD situation the government was analyzing the actions of two third parties (the Hussein government and arms dealers) engaged in activities outside of the US. In this hacking situation these are actions being taken against US entities.

I don't believe anyone disputes that the DNC and other agencies "were compromised" (I'm sure John Podesta did not release all of his email voluntarily for example). So unlike the WMD scenario it seems incontrovertibly clear that some actor did do this.

A number of non-government people have identified the servers, malware, and techniques as originating either in Russia or the Ukraine. Krebs has written several times on gangs that have stolen credentials this way.

Finally, people have signatures in their actions: they learn things in one way and they do things in that way. That has been true since the beginning of time. I remember identifying other Amateur Radio operators by the way in which they keyed code.

As a result, unlike the alleged WMD development efforts, I don't think anyone disagrees that various people were hacked, or that the groups that hacked them are associated with Russian and Ukrainian interests. The only question is whether or not they did so at the behest of their government or just for the lulz.

If Anonymous were still around I expect they could get away with whatever pranks they wanted to play on Russian interests at the moment. The interesting question is whether the government would shield them from any Russian retaliation.



The level of gullibility displayed here is stunning. I completely agree that the fact of a hack existing is undisputed. However, electronic records, perhaps more than any records, lend themselves to being faked.

It's amusing that you would cite the example of the style of code keying of amateur radio operators. In WWII this was known as the "fist" of the operator. I refer you to appendix one of Leo Marks' excellent book "Between Silk and Cyanide" for just one account of how the opposing sides were able to study and fake each other's styles to create subterfuge. (You can thank me later for turning you on to a fantastic read.)

There may not be actual "fists" involved here but the point is more general: if an MO can be studied and understood, it can also be faked. For whatever reason. It could be part of a false flag operation. Alternatively, maybe it's not fake, but is done by rogue actors who carry their signature activities with them whether they are working for one interest or another.

Even with direct access to all the actual purported evidence, which we do not have, I still doubt we would know. And without seeing the evidence, I have to fall back on what I have learned about people in the US government, which is that they are often interested in saving face and finding scapegoats, even if it means inflicting collateral damage.


Hmm, I don't nominally think of myself as "stunningly gullible."

Let's unpack this statement though: "However, electronic records, perhaps more than any records, lend themselves to being faked."

It is certainly true that someone can edit and change electronic records and the tampering of such records, unless explicitly protected against, can be made indistinguishable from untampered records. But what is much more difficult is to tamper with records from a wide variety of unrelated sources to show the same thing.

For example, it is certainly possible for me to construct a record that says my "source IP" is KREMVAX[1] and to even have the source IP "logged" at the destination site as the origination point. But it is not possible for me to easily alter the s-flow records at Cogent which show that the packet originated on a port on a router which is sitting in California. Yes, I can buy a VPS in the Ukraine using bitcoin that has gone through several mixers, but I cannot completely erase all of the packet sources that lead to that VPS. Yes, I can build an "IP over DNS" tunnel to disguise my traffic to the VPS as "harmless" DNS traffic, but I cannot disguise how those DNS packets are propagated in the larger web.

The point I'm trying to make is that if you are a state actor (like the 17 intelligence agencies of the US) and the events leave traces (which they do), it is entirely feasible to unwind packet traces, money paths, and network events to the exact origin point. I was at Google when the Chinese did it to Google and got to watch from the sidelines the amazing amount of resource that could be brought to bear on the problem. And what is more, that incident and others less well publicized have led to still more infrastructure which is completely passive and observational and captures all packet flows and metadata.

As a result, I find it completely believable that the origin of those attacks can be identified with certainty.

I believe it is reasonable to be skeptical about the motivations and/or command chain that led to the attacks.

[1] A stand in for some IP Block allocated to Russia
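The cross-source corroboration the comment above describes, as an added example that is not part of the original thread: the attacked host's own log can say anything about the source address, but flow samples exported by a transit router the attacker does not control record which router and port the packet actually entered on, and carrier queries for an "IP over DNS" tunnel still look like tunnel queries to whichever resolver relays them. Everything below is constructed for illustration: the log lines, the router names, the block-to-region and router-to-region tables (standing in for a routing registry and a GeoIP database), and the thresholds. The addresses are RFC 5737 documentation ranges, and the flow line format is a simplified stand-in, not the real sFlow or NetFlow export format.

```python
"""Corroborate a destination host's log against independent transit flow
records, then flag DNS queries that look like tunnel carriers.

All data in this file is constructed for illustration (RFC 5737 ranges)."""
import ipaddress
import math
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed: what the attacked host logged.  203.0.113.0/24 plays the part
# of a block nominally allocated far away (the "KREMVAX" of the comment);
# 192.0.2.0/24 plays a block that really is routed in California.
DEST_LOG = [
    "2016-06-14T12:00:03Z src=203.0.113.7 dst=198.51.100.10 dport=443 bytes=5120",
    "2016-06-14T12:00:09Z src=203.0.113.7 dst=198.51.100.10 dport=443 bytes=7800",
    "2016-06-14T12:01:30Z src=203.0.113.99 dst=198.51.100.10 dport=443 bytes=600",
    "2016-06-14T12:02:00Z src=192.0.2.44 dst=198.51.100.10 dport=443 bytes=300",
]

# Constructed: flow samples from a transit router the attacker does not control.
# "ingress" names the router and interface the packet entered on.
TRANSIT_FLOWS = [
    "2016-06-14T12:00:02Z ingress=edge-sjc1/17 src=203.0.113.7 dst=198.51.100.10 bytes=5100",
    "2016-06-14T12:00:08Z ingress=edge-sjc1/17 src=203.0.113.7 dst=198.51.100.10 bytes=7750",
    "2016-06-14T12:01:59Z ingress=edge-sjc1/9 src=192.0.2.44 dst=198.51.100.10 bytes=290",
]

# Constructed lookup tables standing in for a routing registry and a GeoIP db.
BLOCK_REGION = {
    ipaddress.ip_network("203.0.113.0/24"): "RU",
    ipaddress.ip_network("192.0.2.0/24"): "US-CA",
}
ROUTER_REGION = {"edge-sjc1": "US-CA", "edge-msk1": "RU"}


def parse(line):
    """Turn 'TIMESTAMP k=v k=v ...' into a dict with a tz-aware 'ts'."""
    ts, *kvs = line.split()
    rec = dict(kv.split("=", 1) for kv in kvs)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rec


def region_of_ip(ip):
    addr = ipaddress.ip_address(ip)
    for net, region in BLOCK_REGION.items():
        if addr in net:
            return region
    return "unknown"


def corroborate(dest_lines, flow_lines, window=timedelta(seconds=3)):
    """One verdict per destination log entry:
    'uncorroborated'          no independent flow record supports the entry
    'spoofed-or-tunneled:...' a flow exists but entered on a router whose
                              region contradicts the claimed source block
    'consistent'              claimed block and ingress router agree"""
    flows = [parse(l) for l in flow_lines]
    verdicts = []
    for line in dest_lines:
        d = parse(line)
        match = [f for f in flows
                 if f["src"] == d["src"] and f["dst"] == d["dst"]
                 and abs(f["ts"] - d["ts"]) <= window]
        if not match:
            verdicts.append((d["src"], "uncorroborated"))
            continue
        router = match[0]["ingress"].split("/")[0]
        claimed, seen = region_of_ip(d["src"]), ROUTER_REGION.get(router, "unknown")
        if claimed != seen:
            verdicts.append((d["src"], f"spoofed-or-tunneled:{router}:{seen}"))
        else:
            verdicts.append((d["src"], "consistent"))
    return verdicts


# Constructed: query names seen by a recursive resolver.  A tunnel cannot hide
# that its carrier queries are long, high-entropy leftmost labels.
DNS_QUERIES = [
    "www.example.com",
    "mail.example.com",
    "y3k9v2x8q1w7z5p4n6m3b2c8d1f0g7h4.t.example.net",
    "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0.t.example.net",
]


def label_entropy(label):
    """Shannon entropy in bits per character of a single DNS label."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def tunnel_suspects(queries, min_len=24, min_entropy=3.5):
    """Queries whose leftmost label is both long and high-entropy."""
    out = []
    for q in queries:
        first = q.split(".")[0]
        if len(first) >= min_len and label_entropy(first) >= min_entropy:
            out.append(q)
    return out


if __name__ == "__main__":
    for src, verdict in corroborate(DEST_LOG, TRANSIT_FLOWS):
        print(f"{src:15} {verdict}")
    print("tunnel suspects:", tunnel_suspects(DNS_QUERIES))
```

The interesting verdict is the middle one: the host log, the flow record and the timestamps all agree that 203.0.113.7 talked to 198.51.100.10, yet the ingress router says the packet was handed to the transit network in California, which is exactly the kind of contradiction a forger of the destination log alone cannot remove. The entry with no matching flow at all is the other failure mode the thread worries about: a record that exists only at the destination is evidence only of itself.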


I wasn't just thinking of records tampered after the fact. There is also the problem of genuine records created by the orchestrated actions of an imposter conducting a ruse. This would be the false flag possibility. I'm not saying I believe this is a likely scenario; just that it's a possible one.

And yes it would be hard for an imposter to leave all the right evidence. But if there is a hunt for a scapegoat and easy evidence is left in plain sight, there's a great temptation to just cherry pick that evidence, even if it's incomplete.

I don't know that the US isn't cherry picking and distorting whatever evidence they have. Sometimes the interests of multiple entities in government all align such that they put all their weight behind promoting one particular scapegoat. What you saw at Google must have been fascinating... is there a writeup? I was in the courtroom for the Wen Ho Lee hearings and got to watch (and was privy to some behind-the-scenes stuff) the amazing amount of resources that could be brought to bear against an innocent scapegoat, and the contortions government actors would bend to in order to omit countervailing evidence and advance their false narrative.

False narratives have happened in other cases too... example, compare the New Yorker account of the killing of Osama bin Laden: http://www.newyorker.com/magazine/2011/08/08/getting-bin-lad... with Seymour Hersh's revisiting of the same episode, which tells a completely different story: http://www.lrb.co.uk/v37/n10/seymour-m-hersh/the-killing-of-... -- sometimes political expediency drives the investigation, more so than analysis of real facts.

>As a result, I find it completely believable that the origin of those attacks can be identified with certainty.

Strong statement. I was under the impression that TAO had tools which allowed them to hack many routers (potentially then rewriting the logs you speak of?) And I would expect they would not be alone in this. But even if you're right that they (on the inside of the investigation) can know with certainty, and even if going a step farther they DO know with certainty, we (on the outside) probably never will know. Too bad, because it would be nice to be able to trust our own government.

Edit: >have led to still more infrastructure which is completely passive and observational and captures all packet flows and metadata.

OK that is kind of cool... or scary... depending on whether you are a black hat or not in whatever realm you're living under.


> So unlike the WMD scenario it seems incontrovertibly clear that some actor did do this.

what are you basing that on?

based on the USG's own best evidence (in this article), this was a canned wordpress exploit that isn't even really that new.

So why, exactly, is it necessary to invoke an adversary with state-level resources?

edit: citation


The word 'actor' does not in my vernacular assume 'state level', only that it was a willful act by some person or group of persons.


> it seems incontrovertibly clear that some actor did do this

Thanks for clarifying.

It seems, though, that if "actor" only means "someone", then the claim becomes so broad that it's tautological (and irrelevant).


Except that in the context of the discussion it impeaches the WMD example. Specifically 'natch' presents the argument that the government had bad data about WMD development and presented it as fact, so this action presented as fact might be just as fabricated. And my response was (and still is) that unlike the WMD allegations where no WMDs were ever discovered nor precursor laboratories, that some 'actor' (and again could be an individual, could be a group, could be a state actor) "meddled", and that term is imprecise but adequately conveys the difficulty of quantification, in the 2016 presidential elections of the United States.

My claim was simply that the two assertions, WMD development and election interference, had fundamental differences in terms of the factual basis. Which for me makes it an invalid comparison.

Now, had there actually been a WMD of some type and we got wrong whether it had been Iraq, Iran, or Saudi Arabia that had done the development, that would make it more similar to documented interference in an election by one or more actors.

Interesting to come back to this now as even the President Elect agrees with the Assessment that it was Russia that ordered the interference.



