The yellow dots thing was certainly a mistake on their part. But there's a much bigger issue I haven't seen anyone point out yet.
One thing that the Intercept--and Glenn Greenwald in particular--have been very critical of is news organizations that blindly publish leaks as verified facts. Here[0] is just one example where Greenwald writes:
> THE WASHINGTON POST late Friday night published an explosive story that, in many ways, is classic American journalism of the worst sort: The key claims are based exclusively on the unverified assertions of anonymous officials, who in turn are disseminating their own claims about what the CIA purportedly believes, all based on evidence that remains completely secret.
Now, in this case they at least have a document, which they verified was a real document created at the NSA. But even the Intercept's own article[1] admits:
> A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.
So, are they living up to their own standard here? I don't think the answer is black and white. But I am certainly tired of hearing all this talk without seeing the technical details.
If the U.S. election system was hacked--even just one voter registration company--the American public deserves to get the details. Period.
What were the IP addresses used, and what ties them to Russia? What does the malware actually look like, and has it been seen before? How was this whole thing discovered?
For now, all we have to go off of is what the NSA says may have happened. That it was a leaked document doesn't make it any more revealing than if it was a phone conversation with another unnamed official.
How does the information you're describing (IP addresses used, ties to Russia, malware shape) help the average American if disclosed publicly? Because the harm seems immediate: bad actors will change their tactics and burn their channels, making them harder to detect, trace, or understand.
Given that the average American barely understands what a computer virus is, is the level of technical detail you're calling for sensible for public dissemination?
I think it's also informative to look at how attribution was viewed in the past. We as a tech community used to almost pride ourselves on our skepticism, as can be seen in this Bruce Schneier post[0] on Stuxnet.
In the post (written in 2010), he points out that attributing Stuxnet to the US Government is "almost entirely speculation", that ties to the Bushehr nuclear power plant were "rumors" at the time, and that "Once a theory takes hold, though, it's easy to find more evidence".
It took years months of more research, technical similarities to the Flame virus, video of an Israeli intelligence official joking about the virus, and much more before the tech community accepted the theory that Stuxnet was a US Government creation.
I'm not saying there's a perfect solution, but surely we as a tech community have lost our skeptical tone and no longer see it as important to question the government's technical claims as we once did.
I have a feeling if the roles were reversed, and it were Trump crying foul about Russian hacking, that's exactly what we'd be doing.
Isn't the Stuxnet story actually a good example of the tech community maybe taking their scepticism too far?
I'm also really sceptical of what, if anything, the government could provide as evidence that people would accept. If the evidence is technical, that doesn't only prevent non-technical people from evaluating it. It also means it's susceptible to being called "fake" when it isn't.
Say, for example, the NSA has log data from a bunch of switches across the world, and maybe the Russians also tapped into a few honeypots. All the NSA then has is IP addresses and other system logs–all of which could easily be faked.
Concerning your last point: Yes, we would treat the reverse differently. And there's nothing wrong with judging some information by their record: If I read something on a website that opens 6 pop-ups for porn, and that I have never seen before, I'm going to trust it less than the New York Times, which has, contrary to popular myth, an excellent track record of trying their best and making it public when they fail.
If it ends up that the government doesn't release the evidence because "our methods and the public is too stupid anyway" then we are heading for some incredibly dark times.
One thing people forget to mention about the FBI director's 10-year term is that it wasn't put in place in order to have a director serve over a long period of time (somewhat like the SCOTUS) but to prevent somebody from amassing so much information and power that they can blackmail anybody.
That was decades ago; we now have agencies like the NSA who have far more information on people, and if we are going to top that off with allowing them to make claims on wrongdoing without having to disclose actual evidence, I just don't know how such power could be kept in check.
Going by what we've seen so far (Crowdstrike report), the malware looks like an old copy of some freeware called P.A.S. and the IPs were mostly Tor exit nodes.
[0] https://theintercept.com/2016/12/10/anonymous-leaks-to-the-w...
[1] https://theintercept.com/2017/06/05/top-secret-nsa-report-de...