Saturday, December 31, 2016

GRIZZLY STEPPE – Russian Malicious Cyber Activity - There is more to the story.




Accusations are cheap. The Grizzly Steppe technical report headline is emotionally charged. The next Chicken Little edition reads "Destroy Grizzly Steppe before it destroys us." Why am I not surprised?

If you have watched any TV talk show in the last few days, then you have heard the repeated, excruciatingly hyped references to this report. It launched Obama's Russia sanctions. In my view, this is a highly politicized report to support Obama's Russia sanctions. It reads like a #101 primer on malware protection for information technology professionals. It explains in detail how malware works and identifies several malware files that should be avoided. It will represent a business explosion for the cyber firms.

However, the report does not make a strong case for deliberate Russian intervention. It also does not justify Obama's last-ditch effort to make his last White House days receive some mainstream ink. I do not think that is what Dylan Thomas, a Nobel Prize winner, suggested when he wrote, "Do not go gently into that good night." Also, there is no moral high ground for America - a country that has a history of interfering with other countries' elections.

I am pleased that Putin did not retaliate in kind and brushed off the Obama accusations with aplomb.

The source of all the furor is a 13-page Joint Analysis Report (JAR). This report was the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) - Reference Number: JAR-16-20296.

I have just examined the 13-page report prepared by the FBI and Homeland Security. You can Google it and read it too. It is worth a read. Why? Because the distinction between fact and opinion, whether articulated by our president-elect or our current president, is disturbing. I am wearing my "Make America Great Again" red cap and even I am having trouble with the increasingly blurred distinction between fact and opinion.

For example, the report reads: "However, public attribution of these activities to RIS is supported by technical indicators from the U.S. Intelligence Community, DHS, FBI, the private sector, and other entities." What is public attribution? No details supporting this claim are provided. In another example, the report reads: "These cyber operations [e.g. Russian] have included spearphishing campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations leading to the theft of information." It makes me ask who has not been spearphished? This claim sounds like an opinion to me and adds to the blurring distinction between fact and evidence-based opinion. The remainder of the report reads like a typical malware technical report from Microsoft.

The top of the JAR report has a disclaimer that reads: "The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service referenced in this advisory or otherwise." Further, the report reads: "Using the harvested credentials, APT28 was able to gain access and steal content, likely leading to the exfiltration of information from multiple senior party members. The U.S. Government assesses that information was leaked to the press and publicly disclosed."

It seems to me that for a president to accuse a country of espionage, not that we do not do it, and set the stage for escalating responses is reckless. As I understand it, Putin remarked his people wanted to return to Russia for the holidays anyway.

I do not have an opinion one way or the other. I do not have enough information to form one. However, this could be the beginning of another Colin Powell - weapons of mass destruction - speech before the UN. The intelligence community may have to walk their JAR headline back.



 
 
 
