Cybersecurity Firm That Attributed DNC Hacks to Russia May Have Fabricated Russia Hacking in Ukraine
The cyber security firm outsourced by the Democratic National Committee, CrowdStrike, reportedly misread data, falsely attributing a hacking in Ukraine to the Russians in December 2016. Voice of America, a US Government funded media outlet, reported, “the CrowdStrike report, released in December, asserted that Russians hacked into a Ukrainian artillery app, resulting in heavy losses of howitzers in Ukraine’s war with Russian-backed separatists. But the International Institute for Strategic Studies (IISS) told VOA that CrowdStrike erroneously used IISS data as proof of the intrusion. IISS disavowed any connection to the CrowdStrike report.
Ukraine’s Ministry of Defense also has claimed combat losses and hacking never happened.” The maker of the military app allegedly hacked called CrowdStrike’s report “delusional,” and told VOA that CrowdStrike never contacted him either before or after they completed their report. VOA News noted Ukraine’s rebuttal to CrowdStrike received little media attention as CrowdStrike’s report was widely cited in media outlets throughout the United States as further evidence of Russia hacking the United States. Alperovitch, who gave several interviews on CrowdStrike’s initial report to the Washington Post and other media outlets, refused to comment on VOA News’ report.
The report casts further skepticism on CrowdStrike’s findings and the objectivity of its conclusions, which several cyber security experts and former CIA and NSA officials have cast doubt on, especially given that several media outlets reported in early January 2017 that the DNC never allowed the FBI to examine its servers; rather, the FBI relied on forensic data gathered by CrowdStrike.
The investigation methods used to come to the conclusion that the Russian Government led the hacks of the DNC, Clinton Campaign Chair John Podesta, and the DCCC were further called into question by a recent BuzzFeed report by Jason Leopold, who has developed a notable reputation from leading several non-partisan Freedom of Information Act lawsuits for investigative journalism purposes. On March 15, Leopold reported that the Department of Homeland Security released just two heavily redacted pages of unclassified information in response to an FOIA request for definitive evidence of Russian election interference allegations.
Leopold wrote, “what the agency turned over to us and Ryan Shapiro, a PhD candidate at MIT and a research affiliate at Harvard University, is truly bizarre: a two-page intelligence assessment of the incident, dated Aug. 22, 2016, that contains information DHS culled from the internet. It’s all unclassified — yet DHS covered nearly everything in wide swaths of black ink. Why? Not because it would threaten national security, but because it would reveal the methods DHS uses to gather intelligence, methods that may amount to little more than using Google.”
In the absence of substantive evidence provided to the public that the alleged hacks which led to WikiLeaks releases of DNC and Clinton Campaign Manager John Podesta’s emails were orchestrated by the Russian Government, CrowdStrike’s bias has been cited as a reason its assessment is undependable, in addition to its questionable methods and conclusions. The firm’s CTO and co-founder, Dmitri Alperovitch, is a senior fellow at the Atlantic Council, a think tank with openly anti-Russian sentiments that is funded by Ukrainian billionaire Victor Pinchuk, who also happened to donate at least $10 million to the Clinton Foundation.
In 2013, the Atlantic Council awarded Hillary Clinton its Distinguished International Leadership Award. In 2014, the Atlantic Council hosted one of several events with former Ukrainian Prime Minister Arseniy Yatsenyuk, who took over after pro-Russian President Viktor Yanukovych, who now lives in exile in Russia, was ousted in early 2014.
In August, Politico reported that Donald Trump’s favorable rhetoric to Russia was concerning Ukraine, who have been recovering from Russian interference in their own country’s revolution. The article cited, “Russia wants Trump for U.S. president; Ukraine is terrified by Trump and prefers Hillary Clinton.” Trump recently appointed Atlantic Council Chairman Jon Huntsman as U.S. Ambassador to Russia, which Vox called a “baffling” choice, and Democrats and anti-Russian hysterics haven’t bothered to attempt to criticize, scrutinize or insinuate ties between Huntsman and Russia.
Cyber security expert Jeffrey Carr called the FBI/Department of Homeland Security report released in late December 2016, the only alleged evidence released by intelligence officials, a “fatally flawed effort” that provided no evidence to substantiate the claims that the Russian government conducted the hacks, though that’s what it purported to do.
“If the White House had unclassified evidence that tied officials in the Russian government to the DNC attack, they would have presented it by now. The fact that they didn’t means either that the evidence doesn’t exist or that it is classified,” he wrote in a Medium post on December 30, 2016, while Obama was still in office. “If it’s classified, an independent commission should review it because this entire assignment of blame against the Russian government is looking more and more like a domestic political operation run by the White House that relied heavily on questionable intelligence generated by a for-profit cybersecurity firm with a vested interest in selling ‘attribution-as-a-service.’”
Think Tank: Cyber Firm at Center of Russian Hacking Charges Misread Data
An influential British think tank and Ukraine’s military are disputing a report that the U.S. cybersecurity firm CrowdStrike has used to buttress its claims of Russian hacking in the presidential election.
The CrowdStrike report, released in December, asserted that Russians hacked into a Ukrainian artillery app, resulting in heavy losses of howitzers in Ukraine’s war with Russian-backed separatists.
But the International Institute for Strategic Studies (IISS) told VOA that CrowdStrike erroneously used IISS data as proof of the intrusion. IISS disavowed any connection to the CrowdStrike report. Ukraine’s Ministry of Defense also has claimed combat losses and hacking never happened.
A CrowdStrike spokesperson told VOA that it stands by its findings, which, they say, “have been confirmed by others in the cybersecurity community.”
The challenges to CrowdStrike’s credibility are significant because the firm was the first to link last year’s hacks of Democratic Party computers to Russian actors, and because CrowdStrike co-founder Dmitri Alperovitch has trumpeted its Ukraine report as more evidence of Russian election tampering.
Alperovitch has said that variants of the same software were used in both hacks.
FILE - CrowdStrike co-founder and CTO Dmitri Alperovitch speaks during the Reuters Media and Technology Summit in New York, June 11, 2012.
HERE IS THE SHITBIRD SOURCE FOR US MEDIA:
While questions about CrowdStrike’s findings don’t disprove allegations of Russian involvement, they do add to skepticism voiced by some cybersecurity experts and commentators about the quality of their technical evidence.
The Russian government has denied covert involvement in the election, but U.S. intelligence agencies have concluded that Russian hacks were meant to discredit Hillary Clinton and help Donald Trump’s campaign. An FBI and Homeland Security report also blamed Russian intelligence services.
On Monday, FBI Director James Comey confirmed at a House Intelligence Committee hearing that his agency has an ongoing investigation into the hacks of Democratic campaign computers and into contacts between Russian operatives and Trump campaign associates. The White House says there was no collusion with Russia, and other U.S. officials have said they’ve found no proof.
VOA News first reported in December that sources close to the Ukraine military and the artillery app’s creator questioned CrowdStrike’s finding that a Russian-linked group it named “Fancy Bear” had hacked the app. CrowdStrike said it found a variant of the same “X-Agent” malware used to attack the Democrats.
FBI Director James Comey, left, and National Security Agency Director Mike Rogers during the House Permanent Select Committee on Intelligence hearing on Russian actions during the 2016 election campaign, March 20, 2017.
HERE IS COMEY:
CrowdStrike said the hack allowed Ukraine’s enemies to locate its artillery units. As proof of its effectiveness, the report referenced publicly reported data in which IISS had sharply reduced its estimates of Ukrainian artillery assets. IISS, based in London, publishes a highly regarded, annual reference called “The Military Balance” that estimates the strength of world armed forces.
“Between July and August 2014, Russian-backed forces launched some of the most-decisive attacks against Ukrainian forces, resulting in significant loss of life, weaponry and territory,” CrowdStrike wrote in its report, explaining that the hack compromised an app used to aim Soviet-era D-30 howitzers.
“Ukrainian artillery forces have lost over 50% of their weapons in the two years of conflict and over 80% of D-30 howitzers, the highest percentage of loss of any other artillery pieces in Ukraine’s arsenal,” the report said, crediting a Russian blogger who had cited figures from IISS.
The report prompted skepticism in Ukraine.
Yaroslav Sherstyuk, maker of the Ukrainian military app in question, called the company’s report “delusional” in a Facebook post. CrowdStrike never contacted him before or after its report was published, he told VOA.
Pavlo Narozhnyy, a technical adviser to Ukraine’s military, told VOA that while it was theoretically possible the howitzer app could have been compromised, any infection would have been spotted. “I personally know hundreds of gunmen in the war zone,” Narozhnyy told VOA in December. “None of them told me of D-30 losses caused by hacking or any other reason.”
VOA first contacted IISS in February to verify the alleged artillery losses. Officials there initially were unaware of the CrowdStrike assertions. After investigating, they determined that CrowdStrike misinterpreted their data and hadn’t reached out beforehand for comment or clarification.
In a statement to VOA, the institute flatly rejected the assertion of artillery combat losses.
“The CrowdStrike report uses our data, but the inferences and analysis drawn from that data belong solely to the report's authors,” the IISS said. “The inference they make that reductions in Ukrainian D-30 artillery holdings between 2013 and 2016 were primarily the result of combat losses is not a conclusion that we have ever suggested ourselves, nor one we believe to be accurate.”
One of the IISS researchers who produced the data said that while the think tank had dramatically lowered its estimates of Ukrainian artillery assets and howitzers in 2013, it did so as part of a “reassessment” and reallocation of units to airborne forces.
"No, we have never attributed this reduction to combat losses," the IISS researcher said, explaining that most of the reallocation occurred prior to the two-year period that CrowdStrike cites in its report.
“The vast majority of the reduction actually occurs ... before Crimea/Donbass,” he added, referring to the 2014 Russian invasion of Ukraine.
In early January, the Ukrainian Ministry of Defense issued a statement saying artillery losses from the ongoing fighting with separatists are “several times smaller than the number reported by [CrowdStrike] and are not associated with the specified cause” of Russian hacking.
But Ukraine’s denial did not get the same attention as CrowdStrike’s report. Its release was widely covered by news media reports as further evidence of Russian hacking in the U.S. election.
In interviews, Alperovitch helped foster that impression by connecting the Ukraine and Democratic campaign hacks, which CrowdStrike said involved the same Russian-linked hacking group—Fancy Bear—and versions of X-Agent malware the group was known to use.
“The fact that they would be tracking and helping the Russian military kill Ukrainian army personnel in eastern Ukraine and also intervening in the U.S. election is quite chilling,” Alperovitch said in a December 22 story by The Washington Post.
The same day, Alperovitch told the PBS NewsHour: “And when you think about, well, who would be interested in targeting Ukraine artillerymen in eastern Ukraine? Who has interest in hacking the Democratic Party? [The] Russia government comes to mind, but specifically, [it's the] Russian military that would have operational [control] over forces in the Ukraine and would target these artillerymen.”
Alperovitch, a Russian expatriate and senior fellow at the Atlantic Council policy research center in Washington, co-founded CrowdStrike in 2011. The firm has employed two former FBI heavyweights: Shawn Henry, who oversaw global cyber investigations at the agency, and Steven Chabinsky, who was the agency's top cyber lawyer and served on a White House cybersecurity commission. Chabinsky left CrowdStrike last year.
CrowdStrike declined to answer VOA’s written questions about the Ukraine report, and Alperovitch canceled a March 15 interview on the topic. In a December statement to VOA’s Ukrainian Service, spokeswoman Ilina Dimitrova defended the company’s conclusions.
“It is indisputable that the [Ukraine artillery] app has been hacked by Fancy Bear malware,” Dimitrova wrote. “We have published the indicators to it, and they have been confirmed by others in the cybersecurity community.”
In its report last June attributing the Democratic hacks, CrowdStrike said it was long familiar with the methods used by Fancy Bear and another group with ties to Russian intelligence nicknamed Cozy Bear. Soon after, U.S. cybersecurity firms Fidelis and Mandiant endorsed CrowdStrike’s conclusions. The FBI and Homeland Security report reached the same conclusion about the two groups.
Still, some cybersecurity experts are skeptical that the election and purported Ukraine hacks are connected. Among them is Jeffrey Carr, a cyberwarfare consultant who has lectured at the U.S. Army War College, the Defense Intelligence Agency, and other government agencies.
In a January post on LinkedIn, Carr called CrowdStrike’s evidence in the Ukraine “flimsy.” He told VOA in an interview that CrowdStrike mistakenly assumed that the X-Agent malware employed in the hacks was a reliable fingerprint for Russian actors.
“We now know that’s false,” he said, “and that the source code has been obtained by others outside of Russia.”
This report was produced in collaboration with VOA's Ukrainian Service.