Security Expert: US Govt's Alleged 'Russian Hack' Appears to Trace Back to Ukraine

Chris Menahan
InformationLiberation
Jan. 02, 2017

Popular
Fully Vaxxed ESPN Host Stephen Smith Says He Nearly Died After Contracting Covid
Not One Body Has Been Found At Indigenous 'Unmarked Mass Grave' In Kamloops, Canada
Fairfax Schools Tell Kids They're 'Privileged' If They're 'White,' 'Male,' 'Christian,' Or A 'Military Kid'
Army Conducting Two-Week 'Guerrilla Warfare Exercise' in Rural North Carolina Focused On Battling 'Freedom Fighters'
UK: Judges Refuse to Deport Afghan Convicted Rapist Out Of Fear The Taliban May Harshly Punish Him

The security experts behind the top WordPress security plugin Wordfence traced the malware mentioned in the FBI/DHS report claiming Russia hacked our election back to Ukraine.

Wordfence Founder/CEO Mark Maunder reports:

The IP addresses that DHS provided may have been used for an attack by a state actor like Russia. But they don't appear to provide any association with Russia. They are probably used by a wide range of other malicious actors, especially the 15% of IP addresses that are Tor exit nodes.

The malware sample is old, widely used and appears to be Ukrainian. It has no apparent relationship with Russian intelligence and it would be an indicator of compromise for any website.

You can see from the screenshots he released the maker of the malware says they're Ukrainian.

Additionally, Maunder says the malware the USG report cites is quite outdated.

The "PAS" malware the USG cited was version 3.1.7, whereas now the program is now up to version 4.1.1.

Note, "UA" is short for Ukraine.

You can read all the specifics of how they found this data on their website. It totally blows apart the idea this was some sophisticated, next level "leet Russian haxor" operation and shows the hackers actually used not-so-sophisticated malware allegedly of Ukrainian origin.

Follow InformationLiberation on Twitter and Facebook.