Congressional Republicans are either stupid or complicit. Neither of those is a good thing!
They have allowed the Democrats to stack the deck by putting ONLY their own hired tech experts on the hot seat to speak before the House committee investigating the Russian hacking fable.
So, the Democrat cyberlackies are going to preach the party line in cyberspeak that their audience will not understand. They will reinforce the narrative that President Trump is a Russian puppet and the Russians put him in office.
Wonderful! And the leftist media will parrot the narrative and fire up the liberal morons from sea to shining sea, and together they will do all they can to prevent President Trump from fulfilling his campaign promises, and if they can lie well enough, have him removed from office.
As reported by Breitbart, a list of witnesses scheduled to appear at a House Permanent Select Committee on Intelligence Open Hearing on “Russian Active Measures” contains a glaring problem: the only technical experts scheduled to testify are from CrowdStrike. CrowdStrike is a firm hired by the Democratic National Committee (DNC) and has become the primary source of the narrative about “Russian hacking” of the 2016 election and has acted as a mouthpiece for the Democrats since last June.
The initial witness list released by House Intelligence includes a number of intelligence officials, all appointed during the Obama administration, such as former CIA Director John Brennan, former Director of National Intelligence James Clapper, and former Acting Attorney General Sally Yates, but the sole technical people on the invitation list are two representatives of CrowdStrike, President Shawn Henry, and the co-founder Dmitri Alperovitch.
The JAR included “specific indicators of compromise, including IP addresses and a PHP malware sample.” But what does this really prove? Wordfence, a WordPress security company specializing in analyzing PHP malware, examined these indicators and didn’t find any hard evidence of Russian involvement. Instead, Wordfence found the attack software was P.A.S. 3.1.0, an out-of-date, web-shell hacking tool. The newest version, 4.1.1b, is more sophisticated. Its website claims it was written in the Ukraine.
Mark Maunder, Wordfence’s CEO, concluded that since the attacks were made “several versions behind the most current version of P.A.S [sic] which is 4.1.1b. One might reasonably expect Russian intelligence operatives to develop their own tools or at least use current malicious tools from outside sources.”
True, as Errata Security CEO Rob Graham pointed out in a blog post, P.A.S is popular among Russia/Ukraine hackers. But it’s “used by hundreds if not thousands of hackers, mostly associated with Russia, but also throughout the rest of the world.” In short, just because the attackers used P.A.S., that’s not enough evidence to blame it on the Russian government.
Independent cybersecurity experts, such as Jeffrey Carr, have cited numerous errors that the media and CrowdStrike have made in discussing the hacking in what Carr refers to as a “runaway train” of misinformation.
For example, CrowdStrike has attributed the hacks to a threat group it has named “Fancy Bear” and then said this threat group is Russian intelligence. In December 2016, Carr wrote in a post on Medium:
A common misconception of “threat group” is that [it] refers to a group of people. It doesn’t. Here’s how ESET describes SEDNIT, one of the names for the threat group known as APT28, Fancy Bear, etc. This definition is found on p.12 of part two “En Route with Sednit: Observing the Comings and Goings”:
As security researchers, what we call “the Sednit group” is merely a set of software and the related network infrastructure, which we can hardly correlate with any specific organization.
Unlike CrowdStrike, ESET doesn’t assign APT28/Fancy Bear/Sednit to a Russian Intelligence Service or anyone else for a very simple reason. Once malware is deployed, it is no longer under the control of the hacker who deployed it or the developer who created it. It can be reverse-engineered, copied, modified, shared and redeployed again and again by anyone.
Despite these and other criticisms from technical experts with no political axe to grind, the House Intelligence committee has called no independent cybersecurity professionals to challenge the Democrats’ claims of “Russian hacking” that have been repeated ad nauseam by the media.
Instead of presenting counter-arguments to allow the general public to make up their own minds, the House committee has invited Shawn Henry and Dmitri Alperovitch from CrowdStrike,
The danger is especially high since the subject involves technical details that the public—and, frankly, most politicians—don’t understand and can be easily fooled about. A presentation with no rebuttal at all from other technical experts will lead to even more disinformation being given to the American people.
There are a number of reasons to be skeptical of the objectivity of CrowdStrike’s assessments.
As Esquire reported in a long profile piece, the DNC specifically used Alperovitch and Henry as part of an anti-Trump publicity plan related to the hacking in early June 2016:
The DNC wanted to go public. At the committee’s request, Alperovitch and Henry briefed a reporter from The Washington Post about the attack.
Alperovitch told me he was thrilled that the DNC decided to publicize Russia’s involvement. “Having a client give us the ability to tell the full story” was a “milestone in the industry,” he says. “Not just highlighting a rogue nation-state’s actions but explaining what was taken and how and when. These stories are almost never told.”
The Esquire piece also indicates that as the election wore on, the Obama administration was also using Alperovitch and CrowdStrike’s claims to push the Democrat narrative that the Russians were behind the attack:
On October 7, two days before the second presidential debate, Alperovitch got a phone call from a senior government official alerting him that a statement identifying Russia as the sponsor of the DNC attack would soon be released. (The statement, from the office of the director of national intelligence and the Department of Homeland Security, appeared later that day.)
It is worth noting that CrowdStrike and Alperovitch’s story has evolved over time to match a Democrat narrative. In an article in Inc. on June 14, 2016, titled “Why the DNC Hired This Cybersecurity Firm to Fight Russian Spies,” Alperovitch claimed that the purpose of the DNC hack was to expose Donald Trump:
On Tuesday, it was revealed that the Russian government is implicated in a security breach of the Democratic National Committee’s computer network, through which opposition research on the bombastic presidential candidate was lifted.
“Every world leader is trying to figure out who Mr. Trump is, especially if he’s elected president, and they want to know what his foreign policies would be. Russia is no exception,” says Dmitri Alperovitch, co-founder and CTO of CrowdStrike. His firm was hired to manage the breach. “The actors are also interested in any other information the DNC might have in their opposition research to use it against Trump if he becomes president,” says Alperovitch, who leads the Intelligence, Technology and CrowdStrike Labs teams.
There is no justification for a technical expert like Alperovitch ascribing motives to the hackers or making statements about what “world leaders” think. It is simply outside his area of expertise, but the point of the Democrats using Alperovitch and Henry to promote their “Russian hacking” narrative is to provide a technical veneer to their story to score political points.