Okay,
1. How do you think they are able to get the MAC address, e.g. from the Chinese machines? MACs are layer two, i.e. normally not visible outside the first hop. A VPN connection would normally be encrypted, so you would not see the MAC of the end host.
2. Also, virtual machines use a specific range when generated, so you can tell it's a VMware. They do this as a commercial.
3. And why would the voting machine admins go out of their way to randomise the MAC address on all of the machines?
4. And what would be the prob. that all of the Chinese machines would have gone out of their way to randomise their MAC?
That log he has there could just be some random flow information extracted from a random US ISP. I would say it's not proof until you know exactly where that flow information was taken from.
What I would do further is to verify that the people in the film actually are the people they claim to be.
There are of course many types of virtual machines; one of them is VMware. QEMU, KVM, VirtualBox, and Docker containers are examples of other VMs. But as I understand it, you would have to go out of your way to have a unique address, because it's safer to pick from a predefined range in order not to have the unlikely, okay very unlikely, event of a collision. But still, they would most often, I would think, be generated using vendor bytes in the 4 or 6 first hex values of the MAC. Yes, maybe a skilled hacker would use a random MAC address, but I would think they also would be a bit lazy, so the prob. that all of the MACs in the list are generated I would think unlikely.
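The vendor-byte and VM-range points raised in this thread can be checked mechanically; the following is an added example, not code from any poster. The prefix table is a small hand-picked sample of commonly documented hypervisor defaults (an assumption, not the full IEEE registry), and the sample MACs are constructed.

```python
import re

# Assumption: small sample of commonly documented hypervisor default prefixes.
HYPERVISOR_PREFIXES = {
    "00:50:56": "VMware",
    "00:0c:29": "VMware",
    "00:05:69": "VMware",
    "08:00:27": "VirtualBox",
    "52:54:00": "QEMU/KVM",
    "00:16:3e": "Xen",
    "00:15:5d": "Hyper-V",
}

MAC_RE = re.compile(r"([0-9a-f]{2}[:-]){5}[0-9a-f]{2}")


def parse_mac(text):
    """Return the 6 raw bytes of a MAC written with ':' or '-' separators."""
    s = text.strip().lower()
    if not MAC_RE.fullmatch(s):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(s.replace(":", "").replace("-", ""))


def classify(text):
    """Classify a MAC by its first-octet flag bits and its 3-byte prefix."""
    mac = parse_mac(text)
    prefix = ":".join(f"{b:02x}" for b in mac[:3])
    if mac[0] & 0x01:  # I/G bit set: group address, never a single host
        return "multicast/broadcast"
    if prefix in HYPERVISOR_PREFIXES:  # checked first: 52:54:00 also has U/L set
        return f"hypervisor default range ({HYPERVISOR_PREFIXES[prefix]})"
    if mac[0] & 0x02:  # U/L bit set: not assigned from a vendor OUI
        return "locally administered (randomized or manually set)"
    return "universally administered (vendor OUI)"


# Constructed sample addresses, not taken from any real log.
SAMPLE = ["00:50:56:ab:cd:ef", "52:54:00:12:34:56", "da:a1:19:3c:7f:02",
          "3C-22-FB-10-20-30", "ff:ff:ff:ff:ff:ff"]

if __name__ == "__main__":
    for mac in SAMPLE:
        print(f"{mac}  ->  {classify(mac)}")
```

A "universally administered" result only means the flag bits are consistent with a vendor-assigned prefix; the address can still have been set by hand to imitate one.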
I am a sys admin, let me shed some light on this.
Almost all "hacking" is done via virtual machines nowadays. Most people who are running 0-days or accomplished "hackers" are using Linux VMs.
The most common Linux distro for cyber attacks is TAILS. On Tails you can generate any custom MAC you want to act as your virtual ethernet adapter.
TLDR: Anyone running Linux VMs for cyber attacks is never going to have a manufacturer-verifiable MAC.
It would be WAY more suspicious to see a MAC that could be verified by manufacturer in this instance.
Please upvote for visibility.