Fix Is In: House Committee on ‘Russian Hacking’ Includes Only DNC-Hired Tech Experts
Fix Is In: House Committee on ‘Russian Hacking’ Includes Only DNC-Hired Tech Experts by Lee Stranahan
A list of witnesses scheduled to appear at a House Permanent Select Committee on Intelligence Open Hearing on “Russian Active Measures” contains a glaring problem: the only technical experts scheduled to testify are from CrowdStrike. CrowdStrike is a firm hired by the Democratic National Committee (DNC) and has become the primary source of the narrative about “Russian hacking” of the 2016 election and has acted as a mouthpiece for the Democrats since last June.
The initial witness list released by House Intelligence includes a number of intelligence officials, all appointed during the Obama administration, such as former CIA Director John Brennan, former Director of National Intelligence James Clapper, and former Acting Attorney General Sally Yates, but the sole technical people on the invitation list are two representatives of CrowdStrike, President Shawn Henry, and the co-founder Dmitri Alperovitch.
Breitbart News has interviewed tech experts who do not agree with the CrowdStrike assessment or Obama administration’s claims that the DNC/DCCC hacks clearly committed by Russian state actors, with much criticism aimed at the FBI/DHS Joint Analysis Report (JAR) “Grizzly Steppe” that was released at the end of December. As ZDNet reported after the JAR report was released by the Obama administration on the same day that they announced sanctions against Russia:
The JAR included “specific indicators of compromise, including IP addresses and a PHP malware sample.” But what does this really prove? Wordfence, a WordPress security company specializing in analyzing PHP malware, examined these indicators and didn’t find any hard evidence of Russian involvement. Instead, Wordfence found the attack software was P.AS. 3.1.0, an out-of-date, web-shell hacking tool. The newest version, 4.1.1b, is more sophisticated. Its website claims it was written in the Ukraine.
Mark Maunder, Wordfence’s CEO, concluded that since the attacks were made “several versions behind the most current version of P.A.S sic which is 4.1.1b. One might reasonably expect Russian intelligence operatives to develop their own tools or at least use current malicious tools from outside sources.”
True, as Errata Security CEO Rob Graham pointed out in a blog post, P.A.S is popular among Russia/Ukraine hackers. But it’s “used by hundreds if not thousands of hackers, mostly associated with Russia, but also throughout the rest of the world.” In short, just because the attackers used P.A.S., that’s not enough evidence to blame it on the Russian government.
Independent cybersecurity experts, such as Jeffrey Carr, have cited numerous errors that the media and CrowdStrike have made in discussing the hacking in what Carr refers to as a “runaway train” of misinformation.
For example, CrowdStrike has named a threat group that they have given the name “Fancy Bear” for the hacks and then said this threat group is Russian intelligence. In December 2016, Carr wrote in a post on Medium:
A common misconception of “threat group” is that [it] refers to a group of people. It doesn’t. Here’s how ESET describes SEDNIT, one of the names for the threat group known as APT28, Fancy Bear, etc. This definition is found on p.12 of part two “En Route with Sednit: Observing the Comings and Goings”:
As security researchers, what we call “the Sednit group” is merely a set of software and the related network infrastructure, which we can hardly correlate with any specific organization.
Unlike CrowdStrike, ESET doesn’t assign APT28/Fancy Bear/Sednit to a Russian Intelligence Service or anyone else for a very simple reason. Once malware is deployed, it is no longer under the control of the hacker who deployed it or the developer who created it. It can be reverse-engineered, copied, modified, shared and redeployed again and again by anyone.
Despite these and other criticisms from technical experts with no political axe to grind, the House Intelligence committee has called no independent cybersecurity professionals to challenge the Democrats’ claims of “Russian hacking” that have been repeated ad naseum by the media.