Oct. 24, 2016, "The Russian Expat Leading the Fight to Protect America," Esquire, Vicky Ward
"In a war against hackers, Dmitri Alperovitch and CrowdStrike are our special forces (and Putin's worst nightmare)."
(parag. 7) "Hacking, like domestic abuse...tends to induce shame. Companies such as Yahoo usually publicize their breaches only when the law requires it. For this reason, Alperovitch says, he expected that the DNC, too, would want to keep quiet....
The (US) government's attitude toward attribution moved closer to [CrowdStrike] Alperovitch's in September 2015....A year earlier [2014], five members of the Chinese People's Liberation Army had been indicted by a grand jury in Pennsylvania for stealing economic secrets from the computers of U. S. firms in the nuclear, solar, and metals industries....Alperovitch went on television to call for a stronger response. In April 2015, after President Obama signed an executive order threatening sanctions against the Chinese, Alperovitch received a call from the White House. "You should be happy," he was told. "You're the one who's been pushing for this."...
On October 7, [2016] two
days before the second presidential debate [between Hillary and Trump],
Alperovitch got a phone call from a senior government official alerting
him that a statement identifying Russia as the sponsor of the DNC
attack would soon be released. . (The
statement, from the office of the director of national intelligence and
the Department of Homeland Security, appeared later that day.) Once
again, Alperovitch was thanked for pushing the government along....
Though pleased, he wished the
statement had warned that more leaks were likely. "It's nice that you
have the DHS and DNI jointly putting the statement out on a Friday
night, but the president coming out and saying, 'Mr. Putin, we know
you're doing this, we find it unacceptable, and you have to stop' would
be beneficial."
Less
than a week later [early Oct. 2016], after WikiLeaks released another cache of hacked
emails—this time from John Podesta, Hillary Clinton's campaign chair—the
White House announced that the president was considering a
"proportional" response against Russia.
Administration officials asked
Alperovitch to attend a meeting to consider what to do. He was the only
native Russian in the room. "You have to let them save face," he told
the group. "Escalation will not end well.""
........................
Added: “Claims of attribution aren’t testable or repeatable because the hypothesis is never proven right or wrong."
"Rush to Judgment," "The evidence that the Russians hacked the DNC is collapsing," antiwar.com,
"“It’s important to know that the process of attributing an attack by a cybersecurity company has nothing to do with the scientific method,” writes Carr:
“Claims of attribution aren’t testable or repeatable because the hypothesis is never proven right or wrong. Neither are claims of attribution admissible in any criminal case, so those who make the claim don’t have to abide by any rules of evidence (i.e., hearsay, relevance, admissibility).”
Likening attribution claims of hacking incidents by cybersecurity companies to intelligence assessments, Carr notes that, unlike government agencies such the CIA, these companies are never held to account for their misses:
“When it comes to cybersecurity estimates of attribution, no one holds the company that makes the claim accountable because there’s no way to prove whether the assignment of attribution is true or false unless (1) there is a criminal conviction, (2) the hacker is caught in the act, or (3) a government employee leaked the evidence.”"
....................
Added: "“The only things that pay in the cybersecurity world are claims of attribution,” Mr. Carr said. “Which foreign government attacked you?""
July 5, 2017, "Hacked computer server that handled DNC email remains out of reach of Russia investigators," Washington Times, Dan Boylan
"“The only things that pay in the cybersecurity world are claims of attribution,” Mr. Carr said. “Which foreign government attacked you? If you are critical of the attack, you make zero money. CrowdStrike is the poster child for companies that operate like this.”" (end of article)
........................
Added: “Claims of attribution aren’t testable or repeatable because the hypothesis is never proven right or wrong."
"Rush to Judgment," "The evidence that the Russians hacked the DNC is collapsing," antiwar.com,
"“It’s important to know that the process of attributing an attack by a cybersecurity company has nothing to do with the scientific method,” writes Carr:
“Claims of attribution aren’t testable or repeatable because the hypothesis is never proven right or wrong. Neither are claims of attribution admissible in any criminal case, so those who make the claim don’t have to abide by any rules of evidence (i.e., hearsay, relevance, admissibility).”
Likening attribution claims of hacking incidents by cybersecurity companies to intelligence assessments, Carr notes that, unlike government agencies such the CIA, these companies are never held to account for their misses:
“When it comes to cybersecurity estimates of attribution, no one holds the company that makes the claim accountable because there’s no way to prove whether the assignment of attribution is true or false unless (1) there is a criminal conviction, (2) the hacker is caught in the act, or (3) a government employee leaked the evidence.”"
....................
Added: "“The only things that pay in the cybersecurity world are claims of attribution,” Mr. Carr said. “Which foreign government attacked you?""
July 5, 2017, "Hacked computer server that handled DNC email remains out of reach of Russia investigators," Washington Times, Dan Boylan
"“The only things that pay in the cybersecurity world are claims of attribution,” Mr. Carr said. “Which foreign government attacked you? If you are critical of the attack, you make zero money. CrowdStrike is the poster child for companies that operate like this.”" (end of article)
-------------------
No comments:
Post a Comment