The evidence that Russia hacked the US election is lacking. This article looks into the claims about the “Dancing Bear” malware. Via Bloomberg:
I’m willing to believe that Russia sought to hack the U.S. election, but I still find the evidence lacking. That skepticism applies to the latest sensation — a report that Russian proxies in Ukraine are employing the same malicious software used on the U.S. Democratic National Committee.
For months, I have been parsing stories of the great Russian hack — the anonymous leaks from U.S. administration officials, the two fact-poor statements from the U.S. intelligence community, the distant echoes of briefings received by U.S. legislators — for technical evidence. There have been red herrings, such as a feeble attempt to prove that Trump was in contact with Russians through a server at Alfa Bank in Moscow (in reality, a marketing company was sending unsolicited email to Alfa managers). But so far, the only evidence pointing to Russian government involvement comes from cybersecurity companies that have studied Advanced Persistent Threat 28, a hacker collective that has attacked many targets over the years — including the DNC in 2016.
That evidence is best summarized in a 2014 blog post by the security firm FireEye. APT 28 attacks governments and militaries hostile to Russia or strategically important for it. APT 28 appears professional and well-financed. APT 28 uses Russian in its malware. The malware is compiled during working hours in the Moscow time zone.
CrowdStrike, the firm that detected the DNC hack, calls APT 28 Fancy Bear. Until recently, the company’s founder, Dmitri Alperovitch, said he had “medium level confidence” that the group was run by the GRU, Russia’s military intelligence service. Now, he says the confidence level has changed to high. The increase comes from the finding by CrowdStrike that a Ukrainian-developed Android application, used to simplify targeting data for the D-30 howitzer, was contaminated with a version of APT 28 malware.