“Proof” of Russian Hacking is Destroyed by Experts
Experts Destroy White House ‘Proof’ of Russian Hacking
Two expert analyses from the intelligence community are destroying the Obama administration’s “proof” of Russian hacking.
On Thursday, as part of the White House response to alleged Russian hacking, the FBI and DHS released a Joint Analysis Report (JAR) called “Grizzly Steppe.” While this report was meant to prove, or at least provide evidence, that the Russian government was involved in hacks of the Democratic Party, experts have stated that it “adds nothing.”
Jeffrey Carr, a cybersecurity consultant, author, and founder of the Suits and Spooks conference, wrote in an analysis that the report merely lists every threat group ever reported on by a commercial cybersecurity company suspected of having ties to Russia, labeling them “Russian Intelligence Services,” without evidence that any such connection exists.
“Unlike Crowdstrike, ESET doesn’t assign APT28/Fancy Bear/Sednit to a Russian Intelligence Service or anyone else for a very simple reason. Once malware is deployed, it is no longer under the control of the hacker who deployed it or the developer who created it,” Carr wrote, adding, “It can be reverse-engineered, copied, modified, shared and redeployed again and again by anyone. In other words — malware deployed is malware enjoyed!”
Carr added that if the White House had unclassified evidence tying Russia to the DNC hack, the evidence would have been made public by now. Since they have not made evidence public, he, like many other members of the intelligence community, believes that it is either classified or it simply does not exist.
“If it’s classified, an independent commission should review it because this entire assignment of blame against the Russian government is looking more and more like a domestic political operation run by the White House that relied heavily on questionable intelligence generated by a for-profit cybersecurity firm with a vested interest in selling ‘attribution-as-a-service,’” Carr stated.
Likewise, Robert M. Lee, a National Cybersecurity Fellow at New America and CEO and founder of cybersecurity company Dragos, published a thorough critique of the JAR, saying it “reads like a poorly done vendor intelligence report stringing together various aspects of attribution without evidence.” — Robert M. Lee (@RobertMLee) December 29, 2016
“The list of reported RIS [Russian intelligence services] names includes relevant and specific names such as campaign names, more general and often unrelated malware family names, and extremely broad and non-descriptive classification of capabilities,” Lee wrote. “It was a mixing of data types that didn’t meet any objective in the report and only added confusion as to whether the DHS/FBI knows what they are doing or if they are instead just telling teams in the government ‘contribute anything you have that has been affiliated with Russian activity.’”