Author's Opinion

Thursday, 01 March 2018 12:30

Questions about DNC hack still hang over CrowdStrike

By Sam Varghese

Security firm CrowdStrike appears to be trying to adopt a "business as usual" mode as it tries to make the world at large forget its role in one of the most publicised hacks of modern times: the breach of the servers of the Democratic National Committee in 2016.

CrowdStrike was called in to investigate in June 2016 but curiously did not allow the FBI a look at the servers, even though the bureau, at that time headed by James Comey, made many requests to examine them.

This seems strange, given the prominence of the DNC in the US political firmament. The only thing that CrowdStrike would agree to do was to share its findings with the FBI.

But an independent analysis of CrowdStrike's claims about the malware that was used in the DNC attack does not seem to support the thesis that this could be definitely traced to Russia or any other country.

Independent security researcher Mark Maunder summed up his conclusions thus: "The IP addresses that DHS (Department of Homeland Security) provided may have been used for an attack by a state actor like Russia. But they don’t appear to provide any association with Russia. They are probably used by a wide range of other malicious actors, especially the 15% of IP addresses that are Tor exit nodes.

"The malware sample is old, widely used and appears to be Ukrainian. It has no apparent relationship with Russian intelligence and it would be an indicator of compromise for any website."

In December, CrowdStrike claimed that the same group which it said had attacked the DNC — Fancy Bear, which allegedly has Russian roots — had attacked artillery systems in Ukraine. But the very sources it had cited began to push back.

The International Institute for Strategic Studies told VOA News: "The CrowdStrike report uses our data, but the inferences and analysis drawn from that data belong solely to the report’s authors.

"The inference they make that reductions in Ukrainian D-30 artillery holdings between 2013 and 2016 were primarily the result of combat losses is not a conclusion that we have ever suggested ourselves, nor one we believe to be accurate."

CrowdStrike's chief technical officer Dmitri Alperovitch is reportedly an associate of the Atlantic Council, a so-called think-tank which has put out a string of anti-Russian articles with headlines like “Distract Deceive Destroy: Putin at War in Syria” and “Six Immediate Steps to Stop Putin’s Aggression.”

Alperovitch has lauded the abilities of the hackers, describing them as follows: “Their tradecraft is superb, operational security second to none and the extensive usage of ‘living-off-the-land’ techniques enables them to easily bypass many security solutions they encounter."

But then among the somewhat deranged conclusions reached by those wanting to pin the deed on Russia, was the location of the name “Felix Edmundovich,” in the metadata of one of the leaked documents.

This was interpreted as an obvious reference to Felix E. Dzerzhinsky, founder of the Cheka, the original name of the Soviet political police!

As the website Consortium News put it, "It was the equivalent of American intelligence agents uploading a Russian document under the name 'J. Edgar'. Since this was obviously very careless of them, it raised an elementary question: how could the hackers be super-sophisticated, yet at the same time guilty of an error that was unbearably dumb?"

What one finds difficult to comprehend is this: if CrowdStrike is so sure of its conclusions, why did the company not agree to answer a few queries about the DNC hack last year, when it approached iTWire for publicity about other matters?

A couple of other security firms, namely Secureworks and Trend Micro, were also pushing this Russia-hacked-the-DNC theme, but they engaged up to a point before falling silent.

My general query to both companies was along these lines: "You can't add up 'possibly', 'allegedly', 'supposedly' and 'probably' and come up with 'definitely'."

But in defence of both these firms, they were at least willing to answer queries up to a point.

Not so with CrowdStrike. In March last year, the company retracted and rewrote parts of the statements it used to back up the Russian claims. There were major changes, as this report makes plain.

CrowdStrike has also failed to address one more question about the DNC hack: NSA veteran William Binney and ex-CIA analyst Ray McGovern have both provided evidence to argue that the exfiltration of data from the DNC could only have been a local job, and not carried out over the Internet, because of the bandwidth that would have been needed.

Why doesn't CrowdStrike try to explain these puzzling things to close the chapter on the DNC hack?


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
