Category Archives: #CrowdStrike

CRWD

MISDepartment was aware of “APT28”

One of the key allegations in the Russian hoax is that the DNC was hacked by Russian government hacking groups, such as a “group” named Fancy Bear by CrowdStrike and APT28 by FireEye. I fell for this trick, and have been using notation like Fancy Bear / APT28. Fancy Bear and APT28 are the same only in one sense – they don’t exist as groups of people or organizations. If the names are used as names of malware families and/or intrusion scenarios (“what we call collectively APT28,” in the words of Guillaume Poupard, the head of the French cyber security agency ANSSI), they refer to different things, not necessarily well defined.

In American Thinker: The External Roots of Spygate

My article The External Roots of Spygate is published in the American Thinker.

On another topic – the putative “Russian government hacker group” Fancy Bear / APT 28 / GRU Military Units 26165 and/or 74455, according to the mythologies of CrowdStrike (CRWD) / FireEye (FEYE) / Robert Mueller & Angry Democrats (MAD), respectively. From Wired (August 2017):

Since as early as last fall, the Russian hacker group known as APT28, or Fancy Bear, has targeted victims … including its breach of the Democratic National Committee ahead of last year’s election. Last month, FireEye says those hackers, believed to be associated with the Russian military intelligence service GRU, have begun to use EternalBlue, the leaked NSA hacking tool

Anybody applying the methodology of CrowdStrike and FireEye would identify “Fancy Bear / APT28” as an American government hacking group with much higher confidence than they have identified it as a Russian one. This is a contradiction, proving that their identification/attribution methodology is wrong.

CrowdStrike’s IPO

June 14, 2019 update: CrowdStrike has completed the IPO and is being traded under the ticker CRWD with a valuation of $12B. The tech bubble is incredible!

CrowdStrike has filed a preliminary prospectus for an IPO. The narrative has totally shifted. It contains no claims of ability to attribute cyber-incidents. Its DNC work is not even mentioned. Instead, it focuses on the Cloud and AI. The prospectus even claims (falsely) that the company was founded “on the principle that the future of security would be driven by AI”. The target valuation is $3.4B, despite a net loss of $140 million on $250 million in revenue (2018). From the prospectus:

Jeffrey Carr, the “Russian Hacking” Skeptic

Jeffrey Carr is a cyber-security expert, and one of the few open skeptics of the narrative that the leaked DNC and/or DCCC internal documents came from hacking by Russia. A few remarkable quotes from his posts, mostly from 2016-2017.

Can Facts Slow The DNC Breach Runaway Train?

“Here’s my nightmare. Every time a claim of attribution is made — right or wrong — it becomes part of a permanent record; an un-verifiable provenance that is built upon by the next security researcher or startup who wants to grab a headline, and by the one after him, and the one after her. The most sensational of those claims are almost assured of international media attention, and if they align with U.S. policy interests, they rapidly move from unverified theory to fact.

Because each headline is informed by a report, and because indicators of compromise and other technical details are shared between vendors worldwide, any State or non-State actor in the world will soon have the ability to imitate an APT group with State attribution, launch an attack against another State, and generate sufficient harmful effects to trigger an international incident. All because some commercial cybersecurity companies are compelled to chase headlines with sensational claims of attribution that cannot be verified.”

Why aren’t there more skeptics in InfoSec?

“There’s a cost to being too critical. One infosec company threatened to sue a researcher if he didn’t make substantive changes to a published paper that was critical of their report. Many employers don’t allow their employees to express controversial opinions that could hurt the company’s business or reputation. And if the company or organization that you’re critical of has influential connections in Washington D.C., your professional reputation may suffer as well.”

CrowdStrike, MIS Department, and the DNC

Hillary presidential campaign chairwoman Donna Brazile’s book Hacks: The Inside Story of the Break-ins and Breakdowns That Put Donald Trump in the White House can be retold in one sentence:

The Russians have hacked the elections and poisoned my dog Chip.

Nevertheless, the book reveals some information concealed by Hillary and the DNC loyalists in the FBI.

  • In August, seeing CrowdStrike’s helplessness, the DNC invited real cyber security people to form a competent network security team that the book calls the Hacker House, or HH. This contradicts the DNC official story that CrowdStrike was doing a fabulous job.
  • HH found out that the DNC network was unprotected, and that anybody could have hacked into it.
  • HH informed DNC and Hillary’s campaign leadership of this fact and spent most of its time training DNC networking administrators.
  • HH was asked, but refused, to support allegations that the DNC network had been penetrated by “Russians.” HH also had run-ins with CrowdStrike.
  • The DNC, Hillary, and the Obama administration disregarded and suppressed this information. They continued their electoral campaign strategy: worsening relations with Russia, accusing Trump of collusion with Putin, and using the FBI, CIA, DHS, and ODNI to sabotage Trump’s campaign. During the transition period, John Brennan and other Obama/Clinton loyalists used false allegations of the “Russian hacking” to attempt something like a coup d’état. The coup was not a complete failure – the angry Democrats have nearly wrested control of the DOJ away from the elected president.


Origin of Operation “Crossfire Hurricane”

Needs update!  (See The Real Origination Story of the Trump-Russia Investigation and more recently published evidence)

2018-09-18. It’s possible that the DNC and/or Hillary campaign started preparing the “Russian collusion” story immediately after the initial attribution of the DNC network breach to Russia by CrowdStrike on May 6 (rather than on June 12, as assumed in the article). That better explains the hiring of Christopher Steele in early June, the issuing of a visa to Natalia Veselnitskaya on June 1, the strange text of the email introducing Veselnitskaya to Trump Jr., and the meetings of Glenn Simpson of Fusion GPS with her immediately before and after her meeting with Trump Jr.

What is the ‘Advanced Persistent Threat’?

APT [Advanced Persistent Threat] is a term to refer to Chinese espionage without saying Chinese espionage. Full stop.
Scott J Roberts, APT is a Who not a What …

The full quote:

“This classified intelligence was a problem. … These DoD/IC teams wanted to help, but couldn’t disclose classified information. They came up with a compromise: sharing indicators and information without disclosing the actual actor behind it. Specifically APT, supposedly coined by Colonel Greg Rattray, was a couple groups of actors primarily operating out of mainland China and believed to be members of the People’s Liberation Army. We now know these groups today as APT1, Anchor Panda, and Elderwood, as well as other private designations.

APT is a term to refer to Chinese espionage without saying Chinese espionage. Full stop.”


Russian Bears with Donkey Ears

The “assessment” that the Russian government hacked the DNC and leaked its emails was wrong. It’s almost impossible to attribute a network breach to a sophisticated hacker group.

When #CrowdStrike and FireEye started making fraudulent attributions of cyber security events, many other companies followed. The Obama regime has corrupted and dumbed down the DHS, DNI, and FBI. They bought this fraud, and then added some.

In 2016, Hillary and the DNC were deceived by CrowdStrike into believing that Russia was behind the leaks of their emails that shouldn’t have been written in the first place. Together with Obama they forced that deception on the FBI and intelligence. Then they blamed Russia for their election defeat!

Most successful network security breaches are conducted by criminal hackers, many of whom are based in or originate from Russia and Eastern Europe. Most unsuccessful attempts are conducted by amateurs. Organizations should protect their networks, rather than blame nation states.

Read Jeffrey Carr, FBI/DHS Joint Analysis Report: A Fatally Flawed Effort or Robert Graham, Dear Obama, From Infosec – both are (or were) anti-Trump.

CrowdStrike: Crooked, Shrill, Unashamed

Since the misattribution of a suspected breach into the DNC network in early 2016 to Russia, CrowdStrike has been boosted by:

  • DNC loyalists in the FBI, CIA, DHS, and DNI
  • the fawning coverage by mainstream media
  • NBC News employing Shawn Henry, a CrowdStrike top officer and former executive assistant to FBI Director Robert Mueller, as a cyber security consultant
  • $300M in investments by Google and Silicon Valley VCs
