
Hacking Stories

What Happens to a Russia Hacking Story When Someone Checks the Evidence?

It falls apart
Vladimir Putin hacked the US election. We all know that. Part of the reason why we know that is that an internet security firm which stands to gain tons of publicity has said so.
The same firm has also claimed that the pro-Russian hacking group Fancy Bear is run by the sinister Russian military intelligence, the GRU, and had hacked Ukrainian army artillery during the civil war in eastern Ukraine:
But so far, the only evidence pointing to Russian government involvement comes from cybersecurity companies that have studied Advanced Persistent Threat 28, a hacker collective that has attacked many targets over the years -- including the DNC in 2016.
That evidence is best summarized in a 2014 blog post by the security firm FireEye. APT 28 attacks governments and militaries hostile to Russia or strategically important for it. APT 28 appears professional and well-financed. APT 28 uses Russian in its malware. The malware is compiled during working hours in the Moscow time zone.
CrowdStrike, the firm that detected the DNC hack, calls APT 28 Fancy Bear. Until recently, the company's founder, Dmitri Alperovitch, said he had "medium level confidence" that the group was run by the GRU, Russia's military intelligence service.
Now, he says the confidence level has changed to high. The increase comes from the finding by CrowdStrike that a Ukrainian-developed Android application, used to simplify targeting data for the D-30 howitzer, was contaminated with a version of APT 28 malware.
The logic: If the malware implant within the application was used to collect positioning data about Ukrainian artillery units, who else could be in the market for it but the GRU? Ominously, the CrowdStrike report says:
"Open source reporting indicates that Ukrainian artillery forces have lost over 50% of their weapons in the 2 years of conflict and over 80% of D-30 howitzers, the highest percentage of loss of any other artillery pieces in Ukraine's arsenal."
The inference is that the Russians hacked the app used to target the D-30, and so the howitzers were mostly destroyed.
Except, as Leonid Bershidsky, a Putin critic in self-imposed exile from Russia since 2014, found, there isn't actually any evidence of that:
Then there's the issue of the targeting software itself. Yaroslav Sherstyuk, the Ukrainian military officer who developed the application, reacted angrily on Facebook to the CrowdStrike report, saying he never published the software on any public forums and encouraging fellow Ukrainian servicemen to keep using the latest version of his app. 
Via Facebook Messenger, he told me that he didn't believe an infected version of the app even existed. "This is a hoax to scare everyone and make us go back to the old methods of targeting fire," he wrote. A CrowdStrike spokesperson did not respond when I asked if it had contacted Sherstyuk. He said it hadn't.
The spokesperson, Ilina Dimitrova, wrote that "it is indisputable that the app has been hacked with Fancy Bear malware -- we have published the indicators related to it and they have been confirmed by others in the cybersecurity community." CrowdStrike said that it found the infected app "in limited public distribution on a Russian language, Ukrainian military forum."
I doubt anyone in the Ukrainian military would download software for targeting artillery fire from a forum. Typically, they obtain it directly from known developers such as Sherstyuk. If I can contact him directly, so can Ukrainian artillery officers seeking to improve their performance in battle.
Hence, it's hard for me to believe that this infected app -- found somewhere on the internet and likely never used by Ukrainian soldiers -- offers evidence tying the GRU to APT28. 
Indeed, why would Ukrainian servicemen be downloading targeting apps from dodgy online forums?? Even if an infected version of the targeting app ever existed, there is absolutely no evidence it was ever even downloaded by Ukrainian artillery crews, much less installed and then exploited by Russians to reveal their location.

