Posted on 12/31/2016 5:05:38 PM PST by Eddie01
On Thursday, as part of the White House response to alleged Russian hacking, the FBI and DHS released a Joint Analysis Report (JAR) called “Grizzly Steppe.” While this report was meant to prove, or at least provide evidence, that the Russian government was involved in hacks of the Democratic Party, experts have stated that it “adds nothing.”
Jeffrey Carr, a cybersecurity consultant, author, and founder of the Suits and Spooks conference, wrote in an analysis that the report merely lists every threat group ever reported on by a commercial cybersecurity company suspected of having ties to Russia, labeling them “Russian Intelligence Services,” without evidence that any such connection exists.
“Unlike Crowdstrike, ESET doesn’t assign APT28/Fancy Bear/Sednit to a Russian Intelligence Service or anyone else for a very simple reason. Once malware is deployed, it is no longer under the control of the hacker who deployed it or the developer who created it,” Carr wrote, adding, “It can be reverse-engineered, copied, modified, shared and redeployed again and again by anyone. In other words, malware deployed is malware enjoyed!”
Carr added that if the White House had unclassified evidence tying Russia to the DNC hack, the evidence would have been made public by now. Since they have not made evidence public, he, like many other members of the intelligence community, believes that it is either classified or it simply does not exist.
“If it’s classified, an independent commission should review it because this entire assignment of blame against the Russian government is looking more and more like a domestic political operation run by the White House that relied heavily on questionable intelligence generated by a for-profit cybersecurity firm with a vested interest in selling ‘attribution-as-a-service,’” Carr stated.
Likewise, Robert M. Lee, a National Cybersecurity Fellow at New America and CEO and founder of cybersecurity company Dragos, published a thorough critique of the JAR, saying it “reads like a poorly done vendor intelligence report stringing together various aspects of attribution without evidence.”
“The list of reported RIS [Russian intelligence services] names includes relevant and specific names such as campaign names, more general and often unrelated malware family names, and extremely broad and non-descriptive classification of capabilities,” Lee wrote. “It was a mixing of data types that didn’t meet any objective in the report and only added confusion as to whether the DHS/FBI knows what they are doing or if they are instead just telling teams in the government ‘contribute anything you have that has been affiliated with Russian activity.’”
Lee explained that it is extremely difficult to identify whether data was sourced from the private sector or from declassified government data.
“It is useful to know what is government data from previously classified sources and what is data from the private sector and more importantly who in the private sector. Organizations will have different trust or confidence levels of the different types of data and where it came from,” Lee said. “Unfortunately, this is entirely missing. The report does not source its data at all. It’s a random collection of information and in that way, is mostly useless.”
Lee, in his critique, detailed that it is important for government reports to detail where data came from, and to separate private-sector information from their own data, which is seen to have a higher confidence level. Further, Lee stated that some of the samples were already known to the public, so if they were classified, “it is a perfect example of over classification by government bureaucracy.”
“The DHS/FBI GRIZZLY STEPPE report does not meet its stated intent of helping network defenders and instead choose to focus on a confusing assortment of attribution, non-descriptive indicators, and re-hashed tradecraft,” Lee said. “Additionally, the bulk of the report (8 of the 13 pages) is general high level recommendations not descriptive of the RIS threats mentioned and with no linking to what activity would help with what aspect of the technical data covered. It simply serves as an advertisement of documents and programs the DHS is trying to support. One recommendation for Whitelisting Applications might as well read ‘whitelisting is good mm’kay?’”
Lee summed up that JAR appears to be very rushed, and put together by multiple teams working with different data sets and motivations, resulting in a very confusing non-explanation that tried to cover too much, while saying too little.
Yes. This is expected. Anyone in this field sees what a vapid report it was.
Nothing that comes out of this administration is ever true. All lies all the time. A few RINOs are just as bad.
I despise these people.
“...Experts Destroy White House ‘Proof’ of Russian Hacking...”
_____________________________________________________________
White Houe: “The dog ate my proof!!!!”
We got some good people. Some very skilled folk at the CDC, for example. They have their own cyberthreat monitoring center. And those guys are good. VERY good. I could tell you a story, but I cannot.
But this report? Pure crap.
They either assigned unskilled folks to do this, or — much more likely — they had nothing.
No proof of a Russian hack whatsoever. All lies.
—
But ... but ... what about CIA sources?
I have zero trust in the CIA. They have zero credibility with me. Same for the media.
I'm not even in the field and I can see how bad that report is. Most of it is suggestions on how to be secure with your computer ( which Podesta might not have read). I'm certainly an end user, and we have a higher level of security on our networks at the office because it is considered critical infrastructure.
It was a mad-dash hastily-assembled ‘report’ that was largely lifted from boilerplate.
No ma'am. Seth Rich is dead.
‘Russian hacking’-the fakest of fake new-unbelievable! It just used to be the msm, now it’s the government-what a bit nth of 3rd world tinpot liars.
Might I suggest that your description of the 'culprit' fits almost perfectly to Seth Rich ?
Lee used the wrong word. "Tradecraft" is a word reserved to the intelligence community. In the Information Technology community, we call it "Best Practices".
Wow. That Putin is awesome. First he engineers the Brexit referendum, so Brexit wins (against all expectations). Then he engineers the US Presidential election, so Trump wins (against all expectations). Now he’s engineering the French political scene so that the two candidates for President who oppose Russian sanctions (Fillon and Le Pen) are leading the pack.
And no one can prove he’s doing it. Wow. Just wow.
....except that Seth Rich is dead.
Bmk
I took one look at the report and knew right away it was just mumbo jumbo. Just like fake articles once shared the original author have no control of where and how they will be used. These malware can have legs of their own. Who knows if the US government are using these same malware to take down our Government and then blame other countries on doing so?
Oh, I acknowledge that Seth Rich is a distinct possibility. Very, very distinct. I’m just saying that if it wasn’t him, it was some other Bernie supporter... who is now hiding in a basement.
I’m about as techie as an Amish Grandma, and even I can see what a vapid report it is. My take on the report is that it is intentionally vague enough that the administration can use it (intelligence was undoubtedly under tremendous pressure to produce something DNC could “use”) but also inconclusive enough that under a different administration, and different pressure, they can say, “Well, we DID issue it with a disclaimer, and we DIDN’T say anything that was technically untrue, but we never claimed that it was conclusive....” Cover the butt on both sides, you know?
Etichisketch
In other words, the best the Obama Admin can do is say that HRC was defeated by Fancybear and Cozyduke?
An Amish Grandma just taught me repository-based mock unit testing in C# against Azure DocumentDB using Blob storage BSON documents.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.