Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.


Tuesday, 26 December 2017 07:03

Immunity's Aitel backflips on WannaCry claims, Kaspersky

By Sam Varghese

The head of American security firm Immunity, Dave Aitel, appears to be backtracking on his claims, made in August, that British security researcher Marcus Hutchins had "something to do" with the WannaCry ransomware which hit Windows computers globally in May.

Hutchins was hailed as a hero by many after he accidentally stopped the spread of WannaCry by registering a domain that was present in the malware's code. He was later arrested in Las Vegas on charges of allegedly having created, along with an unnamed co-conspirator, a banking trojan named Kronos.

Aitel made the claim about Hutchins' alleged connection to WannaCry on his blog. But on 23 December, he took a step backwards, writing, "In fact, I had bet @riotnymia some INFILTRATE tickets that this would go the other way. Looks like she should book a trip! :)" @riotnymia is the Twitter handle for Emma McCall, a cyber security analyst at Riot Games.

INFILTRATE is a security conference which Aitel's company organises annually.

Aitel did not explain exactly how the rest of the world should know about his private wagers and rank them above his public pronouncements.

His comments came a few days after US homeland official Tom Bossert publicly laid the blame for WannaCry on North Korea. iTWire ran a story that pointed out that this, in effect, left egg on Aitel's face given his earlier public claim about Hutchins.

I contacted Aitel on Twitter, asking, "I asked you for your take on the WannaCry announcement. You chose not to reply. You publicly claimed Marcus Hutchins was behind WannaCry. Are you now denying that?" Unsurprisingly, he has not replied.

In his 23 December post, Aitel praised Bossert, but criticised journalists at his (Bossert's) media conference for asking about the NSA link to WannaCry — one NSA exploit, ETERNALBLUE, which was leaked on the Web by the Shadow Brokers last year, was used by the attackers — and also hit out at those who asked about the US Government's Vulnerability Exposure Policy. "There was the usual blame-the-NSA VEP nonsense which he (Bossert) pushed back on strongly and (imho) correctly," Aitel wrote.

The VEP appears to be a sensitive topic with Aitel; his company follows a policy of buying exploit information from others and then using it to protect his own customers against those exploits. The companies whose products are vulnerable are never told about the flaws.

The NSA has been criticised for crafting exploits for flaws that it has never disclosed to companies. Aitel, it must be mentioned here, is a former NSA employee.

Aitel also implicitly criticised iTWire for saying he had egg on his face, pointing out, "A more balanced approach was taken by TechBeacon taking into account Brian Kreb's article." This is the same Krebs who quietly pulled an article in which he had claimed a Russian link to the Shadow Brokers leak, publishing a note about it at the end of another article and disabling comments on that piece. Well-known blogger Marcy Wheeler has questioned whether Krebs had some kind of agenda in writing this article.

When Krebs was asked about it in the comments on his next article, personal slurs suddenly started appearing under fake names.

[Image: Krebs comment one]

The comment below appeared after Krebs had been contacted by email — his contact email is not on the home page of his site, but buried in a long, laudatory spiel about himself — and provided the correct address for my personal blog. To call it childish and puerile would be dignifying it.

[Image: Krebs comment two]

Aitel also took up cudgels for Kaspersky Lab, a Russian security firm whose products have been banned from use in the US public service. "We resolutely torture people and companies accused of hacking based on essentially tea-leaf reading from law enforcement (on one hand) or our intelligence organisations (in the case of nation state attribution). Kaspersky, of course, is one of those," he wrote.

But a few months back, Aitel was on a different track (listen from 34:00 onwards): "Kaspersky is an intelligence asset of the Russian Government and I'm amazed that we haven't seen action yet from the Australians, and the Germans and the Brits to do exactly what the US did – which is basically ban it. I mean, at the point when Best Buy pulls your product off the shelves, I mean someone at Best Buy got a message and a briefing from an US Government official that said, 'this has to go'.

"Listening to Kaspersky, he understands clearly what the Americans are saying about his product and he's pretending that he doesn't. On the other hand, he has 300 million reasons a year not to deal with the behaviour that they are accusing him of. He probably thought he'd never get caught.

"It's hard to believe what he is saying on Twitter and his interviews... I don't see any possibility that Kaspersky A-V is not a signals intelligence tool."

Ironically, these comments were made on a marketing podcast put out by Patrick Gray, an Australian who once used the methods of Fox News — "some people are saying" — to accuse Aitel of unethical practices.

Gray's podcast lists the week's security stories (all compiled from other sources), rubs businesses the right way and when people criticise him, he blocks them from his Twitter feed.

[Image: Patrick Gray Twitter block]

If anything, this whole merry-go-round illustrates one thing: in infosec, as in life, all is not as it seems.


Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
