
Ars Technica: White House fails to make case that Russian hackers tampered with election



Unfortunately the White House rushed out a report that is inconclusive.

Sadly, the JAR, as the Joint Analysis Report is called, does little to end the debate. Instead of providing smoking guns that the Russian government was behind specific hacks, it largely restates previous private-sector claims without providing any support for their validity. Even worse, it provides an effective bait and switch by promising newly declassified intelligence into Russian hackers' "tradecraft and techniques" and instead delivering generic methods carried out by just about all state-sponsored hacking groups.

"This ultimately seems like a very rushed report put together by multiple teams working different data sets and motivations," Robert M. Lee, CEO and Founder of the security company Dragos, wrote in a critique published Friday. "It is my opinion and speculation that there were some really good government analysts and operators contributing to this data and then report reviews, leadership approval processes, and sanitation processes stripped out most of the value and left behind a very confusing report trying to cover too much while saying too little."

The sloppiness, Lee noted, included the report's conflation of Russian hacking groups APT28 and APT29—also known as CozyBear, Sandworm, Sednit, and Sofacy, among others—with malware names such as BlackEnergy and Havex, and even hacking capabilities such as "Powershell Backdoor." The mix-up of such basic classifications does little to inspire confidence that the report was carefully or methodically prepared. And that only sows more reasons for President-elect Donald Trump and his supporters to cast doubt on the intelligence community's analysis on a matter that, if true, poses a major national security threat.

The writers showed a similar lack of rigor when publishing so-called indicators of compromise, which security practitioners use to detect if a network has been breached by a specific group or piece of malware. As Errata Security CEO Rob Graham pointed out in a blog post, one of the signatures detects the presence of "PAS TOOL WEB KIT," a tool that's widely used by literally hundreds, and possibly thousands, of hackers in Russia and Ukraine, most of whom are otherwise unaffiliated and have no connection to the Russian government.

So it sounds like there's a debate about whether this is debatable. 

Meanwhile the Washington Post needs to calm down.

http://pandawhale.com/post/74230/russia-hysteria-infects-washpost-again-false-story-about-hacking-us-electric-grid

Truth is stranger than fiction. 

Yes, crazy world. Stories after the Cold War suggest there were a lot of hair-raising skirmishes that the general public was never informed about. I wonder if current cyberwarfare goes beyond anything we have been told. It seems difficult to know one way or the other.
