Author Archives: Steve McIntyre

Attribution of 2015-6 Phishing to APT28

In two influential articles in June 2016, immediately following the Crowdstrike announcement, SecureWorks (June 16 here and June 26 here) purported to connect the DNC hack to a 2015-6 phishing campaign which they attributed to APT28.  SecureWorks identified two malicious domains in their article. In today’s article, I’ll show that infrastructure from one domain are connected […]

DNC Hack due to Gmail Phishing??

In two influential articles in June 2016 (June 16 here and June 26 here), SecureWorks purported to link the then recently revealed DNC hack to Russia via a gmail phishing campaign which they had been monitoring since 2015 and which they attributed to APT28 (Fancy Bear). They had observed multiple phishing targets at, […]

Arrest of the “Lurk” Banking Trojan Gang

On June 2, 2016, in a major police operation in Russia, 50 hackers from the Lurk banking trojan gang were arrested following 86 raids (Security Week here). Their malware was used for bank fraud (especially in Russia) and ransomware all over the world. The full extent of their activities became clear only after their arrest. In […]

US East Coast Sea Level Rise: An Adjustocene Hockey Stick

In 2011, Andy Revkin wrote an article (archive) entitled “Straight Talk on Rising Seas in a Warming World” (among other articles on the topic), in which he optimistically sought guidance on the topic from a then recent study of U.S. East Coast sea level coauthored by Mann (Kemp et al, 2011).  Joshua Willis told Revkin “that, […]

New Antarctic Temperature Reconstruction

Stenni et al (2017), Antarctic climate variability on regional and continental scales over the last 2000 years, was published pdf this week by Climate of the Past.  It includes (multiple variations) of a new Antarctic temperature reconstruction, in which 112 d18O and dD isotope series are combined into regional and continental reconstructions. Its abstract warns that […]

Reconciling Model-Observation Reconciliations

Two very different representations of consistency between models and observations are popularly circulated. On the one hand, John Christy and Roy Spencer have frequently shown a graphic which purports to show a marked discrepancy between models and observations in tropical mid-troposphere, while, on the other hand, Zeke Hausfather, among others, have shown graphics which purport […]

Part 2- The TV5 Monde Hack and APT28

In his attribution of the DNC hack, Dmitri Alperovitch, of Crowdstrike and the Atlantic Council, linked APT28 (Fancy Bear) to previous hacks at TV5 Monde in France and of the Bundestag in Germany: FANCY BEAR (also known as Sofacy or APT 28) is a separate Russian-based threat actor, which has been active since mid 2000s […]

From Nigerian Scams to DNC Hack Attribution – Part 1

In Crowdstrike’s original announcement that “Russia” had hacked the DNC, Dmitri Alperovitch said, on the one hand, that the “tradecraft” of the hackers was “superb” and their “operational security second none” and, on the other hand, that Crowdstrike had “immediately identified” the “sophisticated adversaries”.  In contrast, after three years of investigation of Climategate, UK counter-intelligence had […]

Guccifer 2: From January to May, 2016

Within the small community conducting technical analysis of the DNC hack, there has been ongoing controversy over whether Guccifer 2 (G2) was a false flag for the Russians, whether G2 was located in the US rather than Russia, whether the G2 files were copied locally rather than hacked, whether G2 was a false flag for […]

Guccifer 2 and “Russian” Metadata

The DHS-FBI intel assessment of the DNC hack concluded with “high confidence” that Guccifer 2 was a Russian operations, but provided (literally) zero evidence in support of their attribution.  Ever since Guccifer 2’s surprise appearance on June 15, 2016 (one day after Crowdstrike’s announcement of the DNC hack by “Russia”), there has been a widespread […]