Questions about DNC hack still hang over CrowdStrike

Security firm CrowdStrike appears to be trying to adopt a "business as usual" mode as it tries to make the world at large forget its role in one of the most publicised hacks of modern times: the 2016 breach of the servers of the Democratic National Committee.

CrowdStrike was called in to investigate in June 2016 but, curiously, did not allow the FBI to examine the servers, even though many requests were made by the bureau, which was at that time headed by James Comey.

This seems strange, given the prominence of the DNC in the US political firmament. The only thing CrowdStrike would agree to do was share its findings with the FBI.

But an independent analysis of the malware and IP address indicators published in support of the Russia attribution does not support the thesis that the attack can be definitively traced to Russia or any other country.

Independent security researcher Mark Maunder summed up his conclusions thus: "The IP addresses that DHS (Department of Homeland Security) provided may have been used for an attack by a state actor like Russia. But they don't appear to provide any association with Russia. They are probably used by a wide range of other malicious actors, especially the 15% of IP addresses that are Tor exit nodes.

"The malware sample is old, widely used and appears to be Ukrainian. It has no apparent relationship with Russian intelligence and it would be an indicator of compromise for any website."

In December 2016, CrowdStrike claimed that the same group it said had attacked the DNC, Fancy Bear, which allegedly has Russian roots, had also attacked artillery systems in Ukraine. But the very sources it had cited began to push back.

The International Institute for Strategic Studies told VOA News: "The CrowdStrike report uses our data, but the inferences and analysis drawn from that data belong solely to the report’s authors.

"The inference they make that reductions in Ukrainian D-30 artillery holdings between 2013 and 2016 were primarily the result of combat losses is not a conclusion that we have ever suggested ourselves, nor one we believe to be accurate."

CrowdStrike's chief technology officer Dmitri Alperovitch is reportedly an associate of the Atlantic Council, a so-called think-tank which has put out a string of anti-Russian articles with headlines like "Distract Deceive Destroy: Putin at War in Syria" and "Six Immediate Steps to Stop Putin's Aggression."

Alperovitch has lauded the abilities of the hackers, describing them as follows: "Their tradecraft is superb, operational security second to none and the extensive usage of 'living-off-the-land' techniques enables them to easily bypass many security solutions they encounter."

Yet among the somewhat deranged conclusions reached by those wanting to pin the deed on Russia was one based on the discovery of the name "Felix Edmundovich" in the metadata of one of the leaked documents.

This was interpreted as an obvious reference to Felix E. Dzerzhinsky, founder of the Cheka, the original name of the Soviet political police!

As the website Consortium News put it, "It was the equivalent of American intelligence agents uploading a Russian document under the name 'J. Edgar'. Since this was obviously very careless of them, it raised an elementary question: how could the hackers be super-sophisticated, yet at the same time guilty of an error that was unbearably dumb?"

What one finds difficult to comprehend is this: if CrowdStrike is so sure of its conclusions, why did the company not agree to answer a few queries last year about the DNC hack, when it approached iTWire for publicity about other matters?

A couple of other security firms, namely Secureworks and Trend Micro, were also pushing the Russia-hacked-the-DNC theme; they engaged up to a point before going silent.

My general query to both companies was on these lines: "You can't add up 'possibly', 'allegedly','supposedly' and 'probably' and come up with 'definitely'."

But in defence of both these firms, they were at least willing to answer queries up to a point.

Not so with CrowdStrike. In March last year, the company retracted and rewrote parts of the statements it had used to back up its Russia claims. There were major changes, as this report makes plain.

CrowdStrike has also failed to address one more question about the DNC hack: NSA veteran William Binney and ex-CIA analyst Ray McGovern have both presented evidence that, given the transfer speed required, the exfiltration of data from the DNC could only have been a local job and could not have been carried out over the Internet.

Why doesn't CrowdStrike try to explain these puzzling things to close the chapter on the DNC hack?