Dangerous Pseudo-Science in Cyber Security

Note: this isn’t our normal fare on WUWT, but we do occasionally carry political pieces. What makes this interesting is that Steve McIntyre (ClimateAudit) is involved in researching it. -Anthony

The CrowdStrike Con

In my opinion: CrowdStrike is a fraud

From its beginning in 2012, CrowdStrike has been using fraudulent attribution methodology to attract publicity, to confuse customers, and to alarm potential customers. Alarmism and fraud were hallmarks of Obama’s administration. CrowdStrike’s close relationship with the Obama administration, especially FBI Director Robert Mueller (until 2013), and the revolving door between them ensured not only impunity, but quick success. CrowdStrike was valued at $3B in its last investment round, which closed around June 16.

Since around 2005, corporations and government agencies faced a new kind of cyberthreat: external intrusions into their networks followed by data theft. Technological solutions have failed. The intrusions usually started when hackers obtained some insider’s password or tricked a user into installing malware on his or her computer inside of the network. Malware components are frequently the same or similar, because hackers sell code to each other and frequently open source it. The hackers are caught only rarely. A hacker anywhere in the world can use an intermediate computer anywhere else in the world. The Obama administration had other priorities than securing U.S. networks.

Volunteers and security companies classified hackers’ methods and malware families. In 2011, Dmitri Alperovitch, a former VP of threat research at McAfee, came up with a trick. He announced: “You don’t have a malware problem, you have an adversary problem.” He claimed that advanced malware families are unique to hacker groups, and that the hacker groups can be identified by the kind of malware they use. This was a false statement. Alperovitch doubled down by claiming that he could identify a foreign government behind most intrusions. Thus, he moved the discussion from the technical realm into the political one. In his first attribution he pointed a finger at China. Later, Alperovitch even claimed to know which unit of the PLA had committed the intrusion, and the DOJ indicted its officers!

Alperovitch also became a media star. When a big data loss is announced, nobody wants to listen to technical details. People want to know whodunnit. Honest cybersecurity experts did not know. Alperovitch claimed he did and was always able to point a finger at the governments of China, Russia, Iran, or North Korea. Some of these attributions might have been accidentally correct. It is possible that CrowdStrike clients liked this approach as well. Being hacked by China or Russia sounds better than being hacked by an unknown guy in the Bahamas or some other exotic location. Of course, CrowdStrike was embraced by the Obama administration, and enjoyed all the perks that came from this embrace.

Alperovitch did not make a secret of his method. When CrowdStrike encountered a new type of malware, the first thing it did was a national attribution, which was reflected in the name of the group, and alleged having exclusive possession of it. For example, alleged Russian groups were given a name ending with Bear. Thus, the national attribution is made first and could not be changed no matter how much contrary evidence accumulates later.

The Hillary Campaign

Note that the date when CrowdStrike was called in and other factual details differ between the stories told by CrowdStrike in 2016 and by the DNC in a lawsuit filed on April 20, 2018 (Democratic National Committee v. the Russian Federation, General Staff of the Armed Forces of the Russian Federation … Donald J. Trump for President Inc. …). The date was May 6 according to CrowdStrike and April 28 according to the DNC. This is how dumb the Democratic Party became; not surprising that it has selected Michael Mann as its climate advisor and Dmitri Alperovitch as its cybersecurity advisor. According to CrowdStrike, within 10 seconds its software “found” the culprit. The lot fell on the Russian government.

The DNC was unmoved. It knew that Putin preferred Democrats to Republicans. The Obama administration had just accommodated Putin’s unprovoked aggression against Ukraine. Putin annexed the Crimean Peninsula and occupied the most industrially developed areas of Ukraine without much reaction from the U.S. Compare that to the U.S. reaction in 2008 when Russia clashed with Georgia after the latter shelled Russian forces there. George W. Bush sent a destroyer with “humanitarian aid,” which I think was an overreaction. Trump promised, and proved, to be a stronger president than Bush. Hillary was not just accommodating to Russia. On the photos of Hillary and Putin together, she looks like his girlfriend. Not to mention Uranium One and other love stories.

When journalists looked at this document they discovered an error message in Russian. The fifth estate (acting more like the fifth column) wrote that that was a proof that the Russian government had been behind the intrusion. The ultra-sophisticated GRU hackers made a mistake by copying and pasting the content of the original file on a computer with default Russian language settings! The journalists writing on the subject did not give a thought to the fact that Russian is the native language to tens of millions of people outside of Russia. Those who did probably decided not to write about it at all.

The opposition research file with “Russian fingerprints” might have been forged by the DNC or CrowdStrike and fed to the purported hackers with two purposes: to bring attention to the content (i.e., smears) against Trump, and to prove the “Russian connection.” That suggests that somebody involved (in the DNC or CrowdStrike) did not believe in the Russian connection from the beginning.

By its own admission, CrowdStrike watched over the activities of two teams of alleged Russian government hackers from May 6 until early June. Such behavior doesn’t make sense. Even given the infinite trust Hillary had in Putin, the DNC’s IT department should have shut down the Internet connection immediately, then changed all passwords and sanitized all computers. Apparently, in 2016 Obama’s friends felt they didn’t need to make their lies believable. If somebody didn’t believe, it was his problem.

But the only meaningful question is who released the DNC’s dirty laundry to the public, not whether the DNC had been hacked, by whom, or how many times. Some think the documents were originally leaked by DNC staffer Seth Rich, who was later murdered. The first document dump had a bad surprise for the DNC – files with the names and other information of the donors. Something went not according to plan.

Hillary felt betrayed by Putin. Hell hath no fury like hers. Hillary and the Democratic Party started accusing Russia and Putin of all thinkable and unthinkable crimes, attempting to re-start the Cold War with a single purpose – to remain in power. That brings to mind the words of one of the largest Democrat donors and climate alarmists in an interview with Rolling Stone: “Maybe we can have, like, a nuclear war and then we get a real course correction.” Two years have passed, but who knows how long they’ve been dreaming about a nuclear war. Before Trump, Steyer was equally obsessed with carbon dioxide.

Within less than six months from July to December 2016, the electronic media, joined at the hips with the DNC, entirely rewrote the history of Hillary-Putin relationships. Even many conservative writers forgot that Hillary started to malign Russia and Putin in July 2016 after the alleged hacking and leaking of the DNC documents. Hillary had excellent relationships with Putin before the leak. The DNC leak caused Hillary’s hostility towards Putin and Russia, not the other way around. That’s easy to see with Google Trends, as shown below.

The “consensus” around the DNC leak attribution was manufactured through circular reasoning. CrowdStrike published samples of malware, which it had allegedly found on the DNC servers, and some security firms supported its baseless attribution claims to scare up some business and to stay in the good graces of the putative winners of future elections. Later, Obama’s cadres in the DNI, CIA, and FBI used the same compromised data to compose an intelligence community assessment, falsely claiming that the Russian government interfered in the 2016 elections against Hillary. An unclassified version of it was published on January 6, 2017. The FBI and CIA expressed high confidence in the assessment, but the NSA distinguished itself by expressing only moderate confidence.

Steve McIntyre Weighs in

Steve McIntyre performed some analyses and wrote about the DNC leak in ClimateAudit. I cannot express it better, so I quote:

https://climateaudit.org/2017/09/02/email-dates-in-the-wikileaks-dnc-archive/

“There were no fewer than 14409 emails in the Wikileaks archive dating after Crowdstrike’s installation of its security software. In fact, more emails were hacked after Crowdstrike’s discovery on May 6 than before. Whatever actions were taken by Crowdstrike on May 6, they did nothing to stem the exfiltration of emails from the DNC.”

Isn’t it fun to work with a security company like this? I couldn’t care less what security companies the DNC uses to secure its own network, but Obama’s administration gave CrowdStrike government contracts. It also allowed countless leaks of confidential information from supposedly secure government networks – hardly a coincidence.

https://climateaudit.org/2018/03/24/attribution-of-2015-6-phishing-to-apt28/

“In two influential articles in June 2016, immediately following the Crowdstrike announcement, SecureWorks (June 16 and June 26) purported to connect the DNC hack to a 2015-6 phishing campaign which they attributed to APT28. … Attribution of the phishing campaign to APT28 was therefore done on the basis of infrastructure connections. But while there is an infrastructure association to APT28, there is also an association to a prominent crimeware gang.”

APT stands for Advanced Persistent Threat. APT28 is Fancy Bear.

https://climateaudit.org/2017/10/06/whiskers-on-software-part-1/

“In Crowdstrike’s original announcement that “Russia” had hacked the DNC, Dmitri Alperovitch said, on the one hand, that the “tradecraft” of the hackers was “superb” and their “operational security second none” and, on the other hand, that Crowdstrike had “immediately identified” the “sophisticated adversaries” … I draw the contrast to draw attention to the facial absurdity of Crowdstrike’s claim that the tradecraft of the DNC hackers was “superb” – how could it be “superb” if Crowdstrike was immediately able to attribute them? In fact, when one looks more deeply into the issue, it would be more accurate to say that the clues left by the DNC hackers to their “Russian” identity were so obvious as to qualify for inclusion in the rogue’s gallery of America’s Dumbest Criminals, criminals like the bank robber who signed his own name to the robbery demand. To make matters even more puzzling, an identically stupid and equally provocative hack, using an identical piece of software, had been carried out against the German Bundestag in 2015.”

Bundestag fire!

https://climateaudit.org/2017/10/10/part-2-the-tv5-monde-hack-and-apt28/

“Re-reading the two stages of contemporary articles, the first analyses of malware, linking back to malware known in Arabic language forums, to IP addresses in Iraq and Algeria and to jihadi-sympathizing hackers, are much more specific than the subsequent analyses attributing the hack to APT28, which did not present a single technical detail (hash, IP address etc.) It is also frustrating and troubling that the proponents of APT28 attribution did not discuss and refute the seemingly plausible connections to jihadi sources. It is also troubling that so much emphasis in contemporary discussion of FireEye’s analysis incorrectly associated the Cyrillic characters previously described by FireEye in October 2014 with the TV5 Monde incident. Second, the confidence of attribution to APT28 was dramatically aggrandized in subsequent reporting, fostered in part by inaccurate original reporting. Contrary to newspaper reports, Trend Micro did not attribute the seizure of TV5 facilities to APT28. Its assessment was indeterminate, weakly preferring that the seizure was separate from APT28 eavesdropping.”

https://climateaudit.org/2017/10/02/guccifer-2-from-january-to-may-2016/

“To my eye, there is convincing evidence that G2 actually hacked Democrat Party computers from at least January 2016 on. This is inconsistent with Adam Carter’s theory that G2 was a false flag operation by Crowdstrike and the DNC – the metadata points to too early a start to support such a theory. G2 metadata also points too early for G2 to be a false flag by Fancy Bear/APT28 who are said to have gained access only in April 2016.”

History Rewriting

The following Google Trends graph shows the ratio of Google searches for Putin and Russia over time. The number of searches is a proxy for the ratio of mentions in the media. The media was totally on Hillary’s side. She controlled the media narrative on Russia and Putin. The red line for Russia stays low in the range of 30-40% from the beginning of 2016 until the week of July 24. The discovery of the data leak is not noticeable. Even the announcement of DNC hacking by Russia on June 14 coincides with only a little bump in Russia searches. The lines for both Putin and Russia go up in the week of July 24, after Hillary became angry with the continuing publication of the leaked documents and decided to connect Putin to Trump, and to malign them together. From early October until after the elections, the searches for Russia and Putin stay at an abnormally high level. Searches for Putin reach their peak in election week, starting on November 6.

Anybody can search MSM websites and see many articles from August – November of 2016, alleging that Trump is associated with Putin and that Hillary would “hold Putin accountable” for something.

“If Hillary Clinton is elected president, the world will remember Aug. 25 as the day she began the Second Cold War. In a speech last month nominally about Donald Trump, Clinton called Russian President Vladimir Putin the godfather of right-wing, extreme nationalism. To Kremlin-watchers, those were not random epithets. Two years earlier, in the most famous address of his career, Putin accused the West of backing an armed seizure of power in Ukraine by “extremists, nationalists, and right-wingers.” Clinton had not merely insulted Russia’s president: She had done so in his own words. Worse, they were words originally directed at neo-Nazis. In Moscow, this was seen as a reprise of Clinton’s comments comparing Putin to Hitler. It injected an element of personal animus into an already strained relationship – but, more importantly, it set up Putin as the representative of an ideology that is fundamentally opposed to the United States. … To Russian ears, Clinton seemed determined in her speech to provide this missing ingredient for bipolar enmity, painting Moscow as the vanguard for racism, intolerance, and misogyny around the globe. The nation Clinton described was unrecognizable to its citizens. Anti-woman? Putin’s government provides working mothers with three years of subsidized family leave. Intolerant? The president personally attended the opening of Moscow’s great mosque. Racist? Putin often touts Russia’s ethnic diversity. To Russians, it appeared that Clinton was straining to fabricate a rationale for hostilities.

That fear [that Hillary might attempt a “regime change” in Russia] was heightened when Clinton surrogate Harry Reid, the Senate minority leader, recently [August 30, 2016] accused Putin of attempting to rig the U.S. election through cyberattacks. That is a grave allegation – the very kind of thing a President Clinton might repeat to justify war with Russia.”

At that time, Putin might have switched his preference from Hillary to Trump. Russian officials probably expressed such a preference unofficially – exactly as Hillary wanted. That doesn’t mean Putin was aiding Trump. The Russian government should have thought there was a change in American policy, largely independent of who would win the elections. Everyone was sure Hillary would win. Putin did not have a chance to change that. It would be unwise for Putin to even attempt it – almost inevitable failure would earn him shrill retaliation, and almost impossible success would only make the adversary stronger. But the show was probably convincing enough even for honest intelligence officers.

Relationships with Russia were already bad in September, but that wasn’t enough for Democrats. To support Hillary, the Obama administration (with John Kerry as Secretary of State) turned minor disagreements with Russia into a conflict. October 12, 2016, CNN:

“It’s not a new Cold War. It’s not even a deep chill. It’s an outright conflict. US-Russia relations have deteriorated sharply amid a barrage of accusations and disagreements, raising the stakes on issues ranging from the countries’ competing military operations in Syria, disputes over Eastern European independence and escalating cyber breaches. Washington publicly accused the Kremlin of cyberattacks on election systems and the democracy itself last Friday. That came after talks on a Syria ceasefire broke down as US officials suggested Russia be investigated for war crimes in the besieged city of Aleppo. Moscow has steadfastly denied that it’s meddling in the US presidential election. … Democratic presidential nominee Hillary Clinton has pointed to the hacks as evidence that Russia favors her GOP opponent, Donald Trump. Appearing at an investment forum in Moscow on Wednesday, Russian President Vladimir Putin dismissed that charge. … Meanwhile, Moscow abruptly left a nuclear security pact, citing US aggression, and moved nuclear-capable Iskandar missiles to the edge of NATO territory in Europe. Its officials have openly raised the possible use of nuclear weapons. And that’s just the highlight reel.”

At the time, the MSM attributed that confrontation to Russian military activity in Syria. In fact, the Democratic Party was fanning flames of war to stay in power. Besides the Democrats’ obscurantism, obsession with political power, and “by any means necessary” attitude, much of this madness has been driven by puny conmen like Michael Mann and Dmitri Alperovitch.

Attribution Fallacies

Attribution of sophisticated network intrusions to specific actors is universally accepted as a very difficult problem. CrowdStrike and similar “solutions peddlers” usually build their case on a chain of very weak assumptions. Russia is home to some of the most sophisticated computer hackers in the world. The first target on which they try their exploits is Russian banks. Their skills and malware code become available to the Russian government when they are caught, or even before that. But they are also available to anybody in the world ready to pay cash. The following parameters and assumptions cannot be used for attribution of intrusions to specific actors.

A) Malware Origin

  1. Malware is frequently attributed to Russia because Russian words or Cyrillic fonts are found in it, or in earlier versions of it. But Russian is the mother language for many people born and living in Ukraine, Belarus, Kazakhstan, Estonia, Latvia, and Lithuania, and tens of millions of emigrants all over the world, including the U.S.
  2. An even more stupid and incompetent attribution attempt is the use of malware compilation time: finding that the malware was compiled during working hours (like 8am to 6pm) Moscow time. In fact:
    • Software compilation and build can be scheduled for any time.
    • Software companies do builds either continuously or overnight.
    • Programmers and hackers rarely work at traditional 9-to-6 schedules.
    • Computers building malware can be set to any time, language, and country settings.
    • Russia spans eleven time zones, so almost any time is working hours somewhere in Russia.

There is nothing easier for a sophisticated hacker group than to build malware on a computer with Russian settings and/or other Russian fingerprints to lead investigators astray. An analyst sees what a sophisticated adversary wants him to see.
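To put numbers on the compile-time argument above, here is an added example (not code from the original post): it reads the COFF TimeDateStamp out of a constructed, non-executable PE header stub and then counts at how many whole-hour UTC offsets, and in how many of Russia’s eleven zones, that moment falls inside an 8am–6pm working day. The header layout and the UTC+2..UTC+12 range for Russia are standard; the sample timestamps are constructed for illustration.

```python
"""How little a PE compile timestamp says about where a binary was built.

The COFF TimeDateStamp is a plain 32-bit field filled in from the build
machine's own clock, so it reflects whatever time, zone and date that
machine was set to. This script parses the field and then measures how
many UTC offsets would place that moment inside an 8am-6pm working day.
"""
import struct
from datetime import datetime, timedelta, timezone

# Russia's time zones run from UTC+2 (Kaliningrad) to UTC+12 (Kamchatka).
RUSSIA_OFFSETS = range(2, 13)
# Whole-hour UTC offsets in use worldwide (UTC-12 .. UTC+14).
WORLD_OFFSETS = range(-12, 15)
MOSCOW_OFFSET = 3


def build_pe_stub(timestamp: int) -> bytes:
    """Constructed sample: the smallest byte string that looks like a PE
    header to a TimeDateStamp parser (DOS header + 'PE\\0\\0' + COFF header).
    It is a test fixture, not a runnable executable."""
    e_lfanew = 64                                   # PE signature right after the DOS header
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH",
                       0x8664,      # Machine: x86-64
                       0,           # NumberOfSections
                       timestamp,   # TimeDateStamp: seconds since 1970-01-01 UTC
                       0, 0,        # PointerToSymbolTable, NumberOfSymbols
                       0,           # SizeOfOptionalHeader
                       0x0002)      # Characteristics: executable image
    return dos + b"PE\x00\x00" + coff


def pe_timestamp(data: bytes) -> int:
    """Return the COFF TimeDateStamp of a PE image, validating both signatures."""
    if len(data) < 64 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 60)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    # The COFF header follows the 4-byte signature; TimeDateStamp sits at offset 4 in it.
    (timestamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return timestamp


def local_hour(timestamp: int, utc_offset_hours: int) -> int:
    """Hour of day (0-23) at the given whole-hour UTC offset."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    return datetime.fromtimestamp(timestamp, tz=tz).hour


def working_hour_offsets(timestamp, offsets=WORLD_OFFSETS, start=8, end=18):
    """All UTC offsets at which the timestamp falls inside [start, end) local time."""
    return [off for off in offsets if start <= local_hour(timestamp, off) < end]


def timestamp_ambiguity(data: bytes) -> dict:
    """Summarise how weakly the compile time discriminates between locations."""
    ts = pe_timestamp(data)
    world = working_hour_offsets(ts)
    russia = working_hour_offsets(ts, RUSSIA_OFFSETS)
    return {
        "utc": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(),
        "moscow_hour": local_hour(ts, MOSCOW_OFFSET),
        "working_hours_in_moscow": MOSCOW_OFFSET in world,
        "world_offsets_in_working_hours": world,
        "world_fraction": len(world) / len(WORLD_OFFSETS),
        "russian_zones_in_working_hours": russia,
        "russia_fraction": len(russia) / len(RUSSIA_OFFSETS),
    }


if __name__ == "__main__":
    # Constructed example: a build stamped 07:30 UTC, i.e. 10:30 in Moscow.
    stamp = int(datetime(2016, 5, 6, 7, 30, tzinfo=timezone.utc).timestamp())
    for key, value in timestamp_ambiguity(build_pe_stub(stamp)).items():
        print(f"{key}: {value}")
```

For the 07:30 UTC sample the moment is “working hours” at ten of the 27 whole-hour offsets and in nine of Russia’s eleven zones; a build stamped 1am Moscow time still lands in working hours in three Russian zones.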

B) Targets

Theoretically, in some cases it’s possible to attribute hacking with a certain malware type to a specific government based on the attacked targets. This approach was used to allege that malware from APT28 and APT29, allegedly found on the DNC network, belongs to the Russian government because it was used in the past to attack its targets of interest. But this claim is based on data cherry-picking. The same malware was known to attack all kinds of targets, from banks to national Olympic committees. The majority of reported targets were in Russia. Russia attacks Russia – how foolish is that? A wide range of targets demonstrates the activities of multiple hacking groups, some of which may be working for governments. Security researchers engaged in attribution typically make up their minds early, and then look only at the cases that confirm their hypothesis. Security companies are interested only in attacks on large or rich organizations that can be convinced to purchase their services, and such organizations are easy to declare to be of interest to Russia. Most cyber-attacks are not reported at all. But even the cherry-picked list of incidents suggests that the attribution is incorrect.

C) It’s hard to believe that a government-backed hackers’ group would be using the same malware for years, long after it had been detected, analyzed, and publicly attributed to it. Here, I mean that malware remains the same even after enhancements and modifications – if it can be identified as a derivative of the original. I would expect any such group to continuously develop new and more effective “products” that bear no resemblance to the previous ones. At least, they can change existing code to remove the published identifiers. CrowdStrike and a few copycats supposedly tracked APT28 and APT29 from 2008.

D) Circular referencing and bandwagon effect.

The following is an example of a circular evidence trail by a security professional and a corporate officer who does agree with the attribution of the DNC leak to Russian government:

Difficulty Level – EXTREME: Why is attribution such a challenge? “When I was serving in cybersecurity in the Department of the Defense, the main lesson I learned was that you can never truly achieve a high-level of confidence in who is attacking you without the triangulation of multiple intelligence sources. … when you look closely at the evidence that both of these outstanding organizations found in their investigations, they could all potentially be ‘false flags,’ planted by an advance targeted threat actor emulating the capabilities of these supposed Russian actors.”

So what switched him from skepticism to alarmism?

“… the public case made that Russian influence is behind the activity at the DNC has a few holes, but our government, on both sides of the political aisle, seem to be very sure of that conclusion. Based on sheer faith, I will take our government at its word …”

That’s it – sheer faith! The sheer faith is supported by an analysis made by SecureWorks and ICA, which used purported evidence received from CrowdStrike. The sheer faith leads him to affirm the initial detection and attribution by CrowdStrike. BTW, the Republican side of the aisle is represented by Senator Burr, RINO-NC.

Most attribution theories cannot be tested. In science, such theories are called unfalsifiable, and, therefore, unscientific. But in one rare case, a CrowdStrike theory alleging Russian hacking of Ukrainian howitzer control software has been checked – and found false. CrowdStrike retracted its claims in this specific case without any other consequences.

John Brennan, Obama’s CIA Director

The January 2017 assessment places heavy emphasis on the supposedly superb “sources, tradecraft, and analytic work” used by the FBI and CIA. But the words of John Brennan show a different picture.

“When CIA analysts look for deeper causes of this rising instability, they find nationalistic, sectarian, and technological factors that are eroding the structure of the international system. They also see socioeconomic trends, the impact of climate change, and other elements that are cause for concern. Let me touch upon a couple of them. Mankind’s relationship with the natural world is aggravating these problems and is a potential source of crisis itself. Last year was the warmest on record, and this year is on track to be even warmer. Extreme weather, along with public policies affecting food and water supplies, can worsen or create humanitarian crises. Of most immediate concern, sharply reduced crop yields in multiple places simultaneously could trigger a shock in food prices with devastating effect, especially in already fragile regions such as Africa, the Middle East, and South Asia. Compromised access to food and water greatly increases the prospect for famine and deadly epidemics.”

This passage demonstrates traitorcraft rather than tradecraft. Sources are replaced by UN agencies’ policy papers and analytic work is replaced by credo quia absurdum. But James Clapper is even worse.

James Clapper, Obama’s DNI Director

James Clapper appears clean before his appointment as DNI Director in 2010. For six years, Clapper signed the Statement for the Record on the Worldwide Threat Assessment of the US Intelligence Community for the Senate Select Committee on Intelligence. In Obama’s second term, Clapper started including in them the alleged climate change threat. Climate change was mentioned:

statement (Clapper): once

statement (Clapper): 4 times

“Environmental Risks and Climate Change

Extreme weather, climate change, environmental degradation, related rising demand for food and water, poor policy responses, and inadequate critical infrastructure will probably exacerbate – and potentially spark – political instability, adverse health conditions, and humanitarian crises in 2016. Several of these developments, especially those in the Middle East, suggest that environmental degradation might become a more common source for interstate tensions. We assess that almost all of the 194 countries that adopted the global climate agreement at the UN climate conference in Paris in December 2015 view it as an ambitious and long-lasting framework.”

2016 statement (Clapper): 8 times, including the following passage:

    The UN World Meteorological Organization (WMO) report attributes extreme weather events in the tropics and sub-tropical zones in 2015 to both climate change and an exceptionally strong El Niño that will probably persist through spring 2016. An increase in extreme weather events is likely to occur throughout this period, based on WMO reporting. Human activities, such as the generation of greenhouse gas emissions and land use, have contributed to extreme weather events including more frequent and severe tropical cyclones, heavy rainfall, droughts, and heat waves, according to a November 2015 academic report with contributions from scientists at the National Oceanic and Atmospheric Administration (NOAA). Scientists have more robust evidence to identify the influence of human activity on temperature extremes than on precipitation extremes.
    The Paris climate change agreement establishes a political expectation for the first time that all countries will address climate change. The response to the deal has been largely positive among government officials and nongovernmental groups, probably because the agreement acknowledges the need for universal action to combat climate change along with the development needs of lower-income countries. However, an independent team of climate analysts and the Executive Secretary of the UN climate forum have stated that countries’ existing national plans to address climate change will only limit temperature rise to 2.7 degrees Celsius by 2100.”

This asinine opinion, attributed to the intelligence community by James Clapper, adds injury to insult by referring to UN bodies four times, each time taking them as sources of authority.

“In the coming decades, an underlying meta-driver of unpredictable instability will be, I believe, climate change. Major population centers will compete for ever-diminishing food and water resources and governments will have an increasingly difficult time controlling their territories.”

The following statements were made by Clapper in person at the Intelligence and National Security Alliance (https://www.insaonline.org) conference in September 2016 (https://archive.is/J32Hm):

“Well, I alluded to that briefly in my remarks, and I do think climate change is going to be an underpinning for a lot of national security issues. The effect on climate, which drives so many things – availability of basics like water and food, and other resources, which are increasingly going to become matters of conflict, and already are, between and among countries. And so this is going to give rise to national security insight that we’ll need to understand this and hopefully help anticipate it. So I think climate change over time is going to have a (inaudible) effect on our national security picture.”

https://medium.com/homefront-rising/dumbstruck-how-crowdstrike-conned-america-on-the-hack-of-the-dnc-ecfa522ff44f

Thus, James Clapper lost his mind and/or integrity even before he gave DNI approval to CrowdStrike claims. He continues leveraging climate alarmism against national security – https://climateandsecurity.org/tag/james-clapper/.


Frauds like CrowdStrike were common under Obama’s administration. Theranos, a purported blood testing innovator, raised more than $700 Million between 2011 and 2017 and was valued at $9B at some point. In 2011, the Theranos founder recruited George Shultz, a Secretary of State in Reagan administration and currently “a senior statesman with a climate solution,” as a board member. He brought on more high level political figures. Theranos’ founder Elizabeth Holmes even secured support from Bill Clinton. She also wanted to save the planet from climate change! Theranos never had a working product, technology, or even competent R&D, but politics easily prevailed over technology and science in those years. Investment poured in, Walgreens signed a contract and built in-store booths for Theranos’ blood tests. In 2015, Obama’s FDA approved the non-existent Theranos’ blood testing device! wrote that Ms. Holmes, a university drop out, was an inventor in 26 patents issued to Theranos. Today, Theranos’ fraud is revealed, but Ms. Holmes walked away with hardly a slap on the wrist.

“Attribution is hard enough without cybersecurity companies picking the evidence they need to support the conclusion that they want with threat actor models that are completely devoid of common sense. We can do better.”

“It’s important to know that the process of attributing an attack by a cybersecurity company has nothing to do with the scientific method. Claims of attribution aren’t testable or repeatable because the hypothesis is never proven right or wrong.”

“When it comes to cybersecurity estimates of attribution, no one holds the company that makes the claim accountable because there’s no way to prove whether the assignment of attribution is true or false unless …”

Google (Alphabet) is an investor in CrowdStrike, having participated in at least three investment rounds in 2015, 2017, and . Google fails to disclose this and other conflicts of interest in search results related to the companies in which it invests.

“A common misconception of “threat group” is that it refers to a group of people. It doesn’t.”

Google, Facebook, and Twitter had an opportunity and incentives to use their knowledge and experience in cyber security to explain to the public and Congress the folly of the Russian attribution of the DNC leak and related conspiracy theories when they were called to testify before Congress. They had access to the same information that I do, and Google also had insider’s information about CrowdStrike. Nevertheless, they chose to lie to Congress and the public, and put their weight behind the conspiracy theories, even to the point of accepting a partial blame for the alleged “Russian” actions.

“In fact, the source code for X-Agent, which was used in the DNC, Bundestag, and TV5Monde attacks, was obtained by ESET as part of their investigation!”

Following the apparent success of the CrowdStrike fraud, other security companies started to make dubious attributions. Examples are FireEye (FYEY) and SecureWorks (SCWX). When describing APTs, SecureWorks incorrectly advises to “Focus on the ‘who’ not the ‘what’.” For most organizations, the question of who is unhelpful, because the answer is anybody or everybody. Network security should be able to handle a threat from anybody, in proportion to the value of the information on the network. This is the same as in physical security. We don’t ask who when we lock the doors. We lock the doors to protect against all thieves, rather than asking who.

Alperovitch is a fellow of Atlantic Council. I don’t think this is a major factor – his motives are financial gain, and, possibly, media attention.

Here, the word hacker is used in its common meaning – somebody who accesses computer systems without authorization. Initially, it meant something like a darn good programmer, especially in the Linux community.

Other sources of data and analysis of the DNC leaks:



“Crowdstrike became one of the most famous brands in the cybersecurity industry last year after securing a contract with the Democratic National Committee.”

I hold short positions in (bet against) the Google stock.

Other reading

    Jeffrey Carr, The DNC Breach and the Hijacking of Common Sense, June 19-21, 2016

    Jeffrey Carr, FBI/DHS Joint Analysis Report: A Fatally Flawed Effort, December 2016

“Unlike Crowdstrike, ESET doesn’t assign APT28/Fancy Bear/Sednit to a Russian Intelligence Service or anyone else for a very simple reason.”

“We have reasons to believe that the operators of the APT28 network are either Russian citizens or citizens of a neighboring country that speak Russian.”

The emphasis is mine. Attacked countries, in the decreasing order of vulnerabilities according to the report: Ukraine, Spain, Russia, UK, Romania, Bulgaria, US, Canada, Portugal, Italy, and Mexico. Why would Russia attack Russia?

    Forbes, Security Advice From The CEO Of The World’s Newest Unicorn – CrowdStrike, May 2017

CrowdStrike CEO George Kurtz about their attribution of the alleged DNC breach: “That work raised our profile considerably, solving a high profile problem, separating us from a crowded field in the security space.”

Given such stunning success, it is quite natural that CrowdStrike doesn’t want to admit to the fraud in their detection and attribution!



At the start of 2014, President Obama assigned his trusted counselor, John D. Podesta, to lead a review of the digital revolution, its potential and its perils. When Mr. Podesta presented his findings five months later, he called the internet’s onslaught of big data ‘a historic driver of progress.’

What a joke!

