Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Thursday, 01 March 2018 12:30

Questions about DNC hack still hang over CrowdStrike


Security firm CrowdStrike appears to be trying to adopt a "business as usual" mode as it tries to make the world at large forget its role in one of the most publicised hacks of modern times: the 2016 breach of servers belonging to the Democratic National Committee.

CrowdStrike was called in to investigate in June 2016 but, curiously, did not allow the FBI to examine the servers, even though the bureau, then headed by James Comey, made many requests to do so.

This seems strange, given the prominence of the DNC in the US political firmament. The only thing that CrowdStrike would agree to do was to share its findings with the FBI.

But an independent analysis of CrowdStrike's claims about the malware used in the DNC attack does not appear to support the thesis that the attack could be definitively traced to Russia or to any other country.

Independent security researcher Mark Maunder summed up his conclusions thus: "The IP addresses that DHS (Department of Homeland Security) provided may have been used for an attack by a state actor like Russia. But they don’t appear to provide any association with Russia. They are probably used by a wide range of other malicious actors, especially the 15% of IP addresses that are Tor exit nodes.

"The malware sample is old, widely used and appears to be Ukrainian. It has no apparent relationship with Russian intelligence and it would be an indicator of compromise for any website."

In December, CrowdStrike claimed that the same group which it said had attacked the DNC — Fancy Bear, which allegedly has Russian roots — had attacked artillery systems in Ukraine. But the very sources it had cited began to push back.

The International Institute for Strategic Studies told VOA News: "The CrowdStrike report uses our data, but the inferences and analysis drawn from that data belong solely to the report’s authors.

"The inference they make that reductions in Ukrainian D-30 artillery holdings between 2013 and 2016 were primarily the result of combat losses is not a conclusion that we have ever suggested ourselves, nor one we believe to be accurate."

CrowdStrike's chief technical officer Dmitri Alperovitch is reportedly an associate of the Atlantic Council, a so-called think-tank which has put out a string of anti-Russian articles with headlines like “Distract Deceive Destroy: Putin at War in Syria” and “Six Immediate Steps to Stop Putin’s Aggression.”

Alperovitch has lauded the abilities of the hackers, describing them as follows: “Their tradecraft is superb, operational security second to none and the extensive usage of ‘living-off-the-land’ techniques enables them to easily bypass many security solutions they encounter."

Then, among the somewhat deranged conclusions reached by those wanting to pin the deed on Russia, was the discovery of the name "Felix Edmundovich" in the metadata of one of the leaked documents.

This was interpreted as an obvious reference to Felix E. Dzerzhinsky, founder of the Cheka, the original name of the Soviet political police!

As the website Consortium News put it, "It was the equivalent of American intelligence agents uploading a Russian document under the name 'J. Edgar'. Since this was obviously very careless of them, it raised an elementary question: how could the hackers be super-sophisticated, yet at the same time guilty of an error that was unbearably dumb?"

What one finds difficult to comprehend is this: if CrowdStrike is so sure of its conclusions, why did the company not agree to answer a few queries about the DNC hack last year, when it approached iTWire seeking publicity for other things?

A couple of other security firms, namely Secureworks and Trend Micro, were also pushing the Russia-hacked-the-DNC theme, but they engaged up to a point before going silent.

My general query to both companies was on these lines: "You can't add up 'possibly', 'allegedly','supposedly' and 'probably' and come up with 'definitely'."

But in defence of both these firms, they were at least willing to answer queries up to a point.

Not so with CrowdStrike. In March last year, the company retracted and rewrote parts of the statements it used to back up the Russian claims. There were major changes, as this report makes plain.

CrowdStrike has also left one more question about the DNC hack unanswered: NSA veteran William Binney and ex-CIA analyst Ray McGovern have both provided evidence to show that the exfiltration of data from the DNC could only have been a local job, and not carried out over the Internet, because of the bandwidth that would have been needed.

Why doesn't CrowdStrike try to explain these puzzling things to close the chapter on the DNC hack?



Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
