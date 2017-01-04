

In the wake of the December 29, 2016 United States Computer Emergency Team (US-CERT) report "GRIZZLY STEPPE -- Russian Malicious Cyber Activity" about alleged hacking and influencing of the 2016 US Presidential Election, the need for real evidence is critically missing. The Department of Homeland Security (DHS) and the Office of the Director of National Intelligence (DNI) joint report JAR-16-20296 adds nothing substantially additional to the much-criticized October US-CERT report (here). Both reports rely heavily on information provided by a small cyber security firm named CrowdStrike that is clearly not up to government standards of intelligence agency evidence and findings. The reports put out by the Obama administration admit that its own reports based on CrowdStrike are nothing more than speculation. The reports begin with a disclaimer:

"DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within." (Emphasis in original).

In other words, JAR-16-20296 is just "information", not much better than a rumor being spread by CrowdStrike. The difference between CrowdStrike co-founder Dmitri Alperovitch's claims as reflected in JAR-16-20296, and this author's article is that enough evidence is provided in my article to warrant a Department of Justice Investigation.

The real story around the "Russian hacking" hype is that my evidence presented here is against American actors that need to be investigated for real crimes that are harmful to US national security, and that they were knowingly spreading false information (i.e. fake news) about who leaked the Democratic National Committee emails and how. Later, I will introduce the identity of the real "Fancy Bear and Cozy Bear".

The conclusions of CrowdStrike repeated in JAR-16-20296 amount to nothing more than "probably, maybe, could be, or should be" in their argument of Russian hacking. The CEO of CrowdStrike, Dmitri Alperovitch, is just asking the American people to "trust me, I am an expert on computer security", without providing sufficient facts as to why he should be trusted.



The December 29th version of the JAR adds a flowchart that shows how a basic phishing hack is performed. It doesn't add anything beyond that. Noticeably, CrowdStrike uses its own jargon designations "Advanced Persistent Threat (APT) 28" and "Advanced Persistent Threat (APT) 29" as well as its own invented codenames of "Grizzly Steppe, Fancy Bear and Cozy Bear". It is typical of private computer security companies to cash in on the value of rumor, innuendo and unsubstantiated information. Usable intelligence needs to be free from this kind of psychological and partisan politics of unsubstantiated information and must be based on verifiable facts. Intelligence agencies noted back in the early 1990s that every private actor in the information game (i.e. private computer security) was radically political. CrowdStrike falls in that category.

The Washington Post's self-admittedly erroneous story, "Russian Operation Hacked a Vermont Utility, Showing Risk to U.S. Electrical Grid Security" (here), is a perfect example of why politically motivated intelligence should not be taken seriously. If there were any proof that "Russian hackers had penetrated the U.S. electric grid", then the US would be at war now. Under the laws of war there is no difference between a computer attack on an electric power grid and a missile strike on an electric power plant.

According to the Washington Post fake news story, "private security firms provided more detailed forensic analysis, which the FBI and DHS said Thursday correlated with the findings of the private computer security firm IC Systems, concluding that:

"The Joint Analysis Report recognizes the excellent work undertaken by private security companies and private sector network owners and operators, and provides new indicators of compromise and malicious infrastructure identified during the course of investigations and incident response," reads the statement. The report further identifies two Russian intelligence groups already [code] named by CrowdStrike and other private security firms.

In an interview with the Washingtonsblog, NSA whistleblower William Binney, the creator of the National Security Agency (NSA) global surveillance system, said "I expected to see the IP's (Internet Protocol address) or other signatures of APT 28 and APT29 (the entities which the US claims hacked the DNC emails), where they were located, how and when the data got transferred to them from DNC, Hillary Rodham Clinton, etc. They seem to have been following APT 28/29 since at least 2015, so, where are they?"

According to the latest Washington Post story, CrowdStrike's CEO tied a group his company dubbed "Fancy Bear" to targeting Ukrainian artillery positions in the Battle of Debaltsevo (2015), as well as across the Ukrainian civil war front for the past 2 years. Alperovitch states in many CrowdStrike articles that Ukrainians were using an Android app to target the positions of the self-proclaimed breakaway east Ukrainian republic Donbass, and that instead, by hacking the Ukrainians' app, Donbass's artillery was able to target Ukrainian forces.

Alperovitch first gained notice when he was the Vice President in charge of threat research with the respected McAfee computer security firm. Asked to comment on Alperovitch's discovery of Russian hacks by Larry King, John McAfee had this to say:

"Based on all of my experience, I (McAfee) do not believe that Russians were behind the hacks on the Democratic National Committee (DNC), John Podesta's emails, and the Hillary Clinton presidential campaign". As he told Larry King, "if it looks like the Russians did it, then I can guarantee you it was not the Russians".

CrowdStrike's story parts with reality. First is the admission that it is "probably, maybe, could be" Russia hacking the DNC. Intelligence agencies do not have specific intelligence showing officials in the Kremlin "directing" the identified individuals to pass the DNC emails to WikiLeaks.

