Channel: iTWire - Entertainment

'Attribution' paper may queer the pitch for Kaspersky Labs


Russian security firm Kaspersky Lab may have put itself squarely in the crosshairs of the lobby promoting the theory that Russia hacked the Democratic National Committee in 2016, by producing a paper that underscores the difficulty of attribution where cyber exploits are concerned.

Before anyone leaps to any conclusion, make no mistake, the paper — titled Walking in Your Enemy’s Shadow: When Fourth-Party Collection Becomes Attribution Hell — is well written and logically argued, as is most of the material produced by Kaspersky's Global Research and Analysis Team.

But with Kaspersky already having become collateral damage in the hysteria sweeping Washington, the report is very likely to elicit the reaction that it is trying to cover up the tracks allegedly left by the Russians (or their proxies) who breached the DNC.

Briefly put, the paper deals with the way state actors borrow or steal techniques from others at the same level, and thus create a web that is difficult to trace to any particular actor. Attribution then becomes even more difficult than it is under normal circumstances.

There is plenty of evidence from cases which Kaspersky has tackled and the arguments are watertight.

But at a time when it is an article of faith among Democrats and their supporters that their candidate, Hillary Clinton, lost last year's election because of Russia's intervention, such logic would, one fears, be seen as a cover-up.

The facts say otherwise but then this is something like a religion, a cult, where logic is the first, second and last casualty.

Even The Intercept, which has largely retained scepticism about the Russian hack theory, carries an article about the Kaspersky paper by former Wired staffer Kim Zetter which says:

"The attacks last year on the Democratic National Committee, for example, were attributed to hacking groups associated with Russian intelligence based in part on analysis done by the private security firm CrowdStrike, which found that tools and techniques used in the DNC network matched those used in previous attacks attributed to Russian intelligence groups."

No mention is made of the fact that CrowdStrike was asked by the FBI multiple times for access to the DNC servers and refused to grant access.

Neither is there any mention of the fact that the chief technical officer of CrowdStrike, Dmitri Alperovitch, is an associate of an anti-Russian outfit known as the Atlantic Council, a Washington think-tank that is kept afloat by Saudi Arabia, the United Arab Emirates, the Ukrainian World Congress, the US State Department and others who have an interest in isolating or discrediting Russia.

Zetter also writes: "Although the Kaspersky researchers believe the DNC attribution is correct, they say researchers need to be more cautious about assuming that when the same tools and techniques are being used, the same actors are using them."

There is no reference to the DNC either in the short blog post by Kaspersky researchers Juan Andrés Guerrero-Saade and Costin Raiu who wrote the paper in question or in the paper itself.

So exactly where Zetter is getting these "facts" is a mystery.

Kaspersky Lab staff have a tough time on their hands, being under scrutiny by the FBI and presumably watched also in other countries that unhesitatingly follow US policies on anything and everything (except guns).

Thus, it may be time to think a little more before giving conspiracy theorists aka Democrats and their disciples any cause to make things any more difficult for the company to do business in the English-speaking world.

The paper was presented at the 2017 Virus Bulletin conference in Madrid.

