Credibility of Cyber Firm that Claimed Russia Hacked the DNC Comes Under Serious Question
by Michael Krieger, Liberty Blitzkrieg:
Before I get to the meat of this post, we need to revisit a little history. The cyber security firm hired to inspect the DNC hack and determine who was responsible is a firm called Crowdstrike. Its conclusion that Russia was responsible was released last year, but several people began to call its analysis into question upon further inspection.
Jeffrey Carr was one of the most prominent cynics, and as he noted in his December post, FBI/DHS Joint Analysis Report: A Fatally Flawed Effort:
The FBI/DHS Joint Analysis Report (JAR) “Grizzly Steppe” was released yesterday as part of the White House’s response to alleged Russian government interference in the 2016 election process. It adds nothing to the call for evidence that the Russian government was responsible for hacking the DNC, the DCCC, the email accounts of Democratic party officials, or for delivering the content of those hacks to Wikileaks.
It merely listed every threat group ever reported on by a commercial cybersecurity company that is suspected of being Russian-made and lumped them under the heading of Russian Intelligence Services (RIS) without providing any supporting evidence that such a connection exists.
Unlike Crowdstrike, ESET doesn’t assign APT28/Fancy Bear/Sednit to a Russian Intelligence Service or anyone else for a very simple reason. Once malware is deployed, it is no longer under the control of the hacker who deployed it or the developer who created it. It can be reverse-engineered, copied, modified, shared and redeployed again and again by anyone. In other words — malware deployed is malware enjoyed!
If ESET could do it, so can others. It is both foolish and baseless to claim, as Crowdstrike does, that X-Agent is used solely by the Russian government when the source code is there for anyone to find and use at will.
If the White House had unclassified evidence that tied officials in the Russian government to the DNC attack, they would have presented it by now. The fact that they didn’t means either that the evidence doesn’t exist or that it is classified.If it’s classified, an independent commission should review it because this entire assignment of blame against the Russian government is looking more and more like a domestic political operation run by the White House that relied heavily on questionable intelligence generated by a for-profit cybersecurity firm with a vested interest in selling “attribution-as-a-service”.
Nevertheless, countless people, including the entirety of the corporate media, put total faith in the analysis of Crowdstrike despite the fact that the FBI was denied access to perform its own analysis. Which makes me wonder, did the U.S. government do any real analysis of its own on the DNC hack, or did it just copy/paste Crowdstrike?
As The Hill reported in January:
The FBI requested direct access to the Democratic National Committee’s (DNC) hacked computer servers but was denied, Director James Comey told lawmakers on Tuesday.
The bureau made “multiple requests at different levels,” according to Comey, but ultimately struck an agreement with the DNC that a “highly respected private company” would get access and share what it found with investigators.
“We’d always prefer to have access hands-on ourselves if that’s possible,” Comey said, noting that he didn’t know why the DNC rebuffed the FBI’s request.
