{"id":68501,"date":"2017-03-13T12:51:43","date_gmt":"2017-03-13T16:51:43","guid":{"rendered":"https:\/\/stateofthenation2012.com\/?p=68501"},"modified":"2017-03-13T13:07:43","modified_gmt":"2017-03-13T17:07:43","slug":"fix-is-in-house-committee-on-russian-hacking-includes-only-dnc-hired-tech-experts","status":"publish","type":"post","link":"https:\/\/stateofthenation2012.com\/?p=68501","title":{"rendered":"Why is it that the House Committee on \u2018Russian Hacking\u2019 includes only DNC-hired tech experts?"},"content":{"rendered":"<h1>Fix Is In: House Committee on \u2018Russian Hacking\u2019 Includes Only DNC-Hired Tech Experts<\/h1>\n<p><!--more--><a href=\"https:\/\/stateofthenation2012.com\/wp-content\/uploads\/2017\/03\/CrowdStrike-640x480.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-68502\" src=\"https:\/\/stateofthenation2012.com\/wp-content\/uploads\/2017\/03\/CrowdStrike-640x480.jpg\" alt=\"\" width=\"640\" height=\"480\" srcset=\"https:\/\/stateofthenation2012.com\/wp-content\/uploads\/2017\/03\/CrowdStrike-640x480.jpg 640w, https:\/\/stateofthenation2012.com\/wp-content\/uploads\/2017\/03\/CrowdStrike-640x480-300x225.jpg 300w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/a><\/p>\n<p>by LEE STRANAHAN<br \/>\nBreitbart.com<\/p>\n<h2>A list of witnesses scheduled to appear at a House Permanent Select Committee on Intelligence Open Hearing on \u201cRussian Active Measures\u201d contains a glaring problem: the only technical experts scheduled to testify are from CrowdStrike. CrowdStrike is a\u00a0firm hired by the Democratic National Committee (DNC) and has become the primary source of the narrative about \u201cRussian hacking\u201d of the 2016 election and has acted as a mouthpiece for the Democrats since last June.<\/h2>\n<p>The initial witness list released by House Intelligence includes a number of intelligence officials, all appointed during the Obama administration, such as former CIA Director John Brennan, former Director of National Intelligence James Clapper, and former Acting Attorney General Sally Yates, but the sole technical people on the invitation list are two representatives of CrowdStrike, President Shawn Henry, and the co-founder Dmitri Alperovitch.<\/p>\n<p>Breitbart News has <a class=\" x5l\" href=\"http:\/\/soundcloud.com\/stranahan\/russian-hacking-mark-maunder-on-jar-interpretations-and-bad-timing\" target=\"_blank\" rel=\"noopener\">interviewed tech experts<\/a>\u00a0who\u00a0do not agree with the CrowdStrike assessment or Obama administration\u2019s claims that the DNC\/DCCC hacks clearly committed by Russian state actors, with much criticism aimed at the FBI\/DHS Joint Analysis Report (JAR) \u201cGrizzly Steppe\u201d that was released at the end of December. As <a class=\" x5l\" href=\"http:\/\/www.zdnet.com\/article\/no-smoking-gun-for-russian-dnc-hacks\/\" target=\"_blank\" rel=\"noopener\">ZDNet reported<\/a> after the JAR report was released by the Obama administration on the same day that they announced sanctions against Russia:<\/p>\n<blockquote><p>The JAR included \u201cspecific indicators of compromise, including IP addresses and a PHP malware sample.\u201d But what does this really prove? Wordfence, a WordPress security company specializing in analyzing PHP malware, examined these indicators and didn\u2019t find any hard evidence of Russian involvement. Instead, Wordfence found the attack software was P.AS. 3.1.0, an out-of-date, web-shell hacking tool. The newest version, 4.1.1b, is more sophisticated. Its website claims it was written in the Ukraine.<\/p>\n<p>Mark Maunder, Wordfence\u2019s CEO, concluded that since the attacks were made \u201cseveral versions behind the most current version of P.A.S <a>sic<\/a> which is 4.1.1b. One might reasonably expect Russian intelligence operatives to develop their own tools or at least use current malicious tools from outside sources.\u201d<\/p>\n<p>True, as Errata Security CEO Rob Graham pointed out in a blog post, P.A.S is popular among Russia\/Ukraine hackers. But it\u2019s \u201cused by hundreds if not thousands of hackers, mostly associated with Russia, but also throughout the rest of the world.\u201d In short, just because the attackers used P.A.S., that\u2019s not enough evidence to blame it on the Russian government.<\/p><\/blockquote>\n<p>Independent cybersecurity experts, such as\u00a0<a class=\" x5l\" href=\"http:\/\/medium.com\/@jeffreycarr\" target=\"_blank\" rel=\"noopener\">Jeffrey Carr<\/a>, have cited numerous errors that the media and CrowdStrike have made in discussing the hacking in what Carr refers to as a \u201c<a class=\" x5l\" href=\"http:\/\/medium.com\/@jeffreycarr\/can-facts-slow-the-dnc-breach-runaway-train-lets-try-14040ac68a55#.j5c5hzezv\" target=\"_blank\" rel=\"noopener\">runaway train<\/a>\u201d of misinformation.<\/p>\n<p><iframe loading=\"lazy\" width=\"590\" height=\"332\" src=\"http:\/\/launch.newsinc.com\/?type=VideoPlayer\/Single&#038;widgetId=1&#038;trackingGroup=69016&#038;playlistId=19132&#038;siteSection=90085_dynamic_one2many&#038;videoId=31692020\" frameborder=\"no\" scrolling=\"no\" noresize marginwidth=\"0\" marginheight=\"0\" allowfullscreen webkitallowfullscreen mozallowfullscreen><\/iframe><\/p>\n<p>For example, CrowdStrike has named a threat group that they have given the name \u201cFancy Bear\u201d for the hacks and then said this threat group is Russian intelligence. In December 2016, <a class=\" x5l\" href=\"http:\/\/medium.com\/@jeffreycarr\/fbi-dhs-joint-analysis-report-a-fatally-flawed-effort-b6a98fafe2fa#.qfohl5vi1\" target=\"_blank\" rel=\"noopener\">Carr wrote in a post on Medium<\/a>:<\/p>\n<blockquote><p>A common misconception of \u201cthreat group\u201d is that [it] refers to a group of people. It doesn\u2019t. Here\u2019s how ESET describes SEDNIT, one of the names for the threat group known as APT28, Fancy Bear, etc. This definition is found on p.12 of part two \u201cEn Route with Sednit: Observing the Comings and Goings\u201d:<\/p>\n<p><em>As security researchers, what we call \u201cthe Sednit group\u201d is merely a set of software and the related network infrastructure, which we can hardly correlate with any specific organization.<\/em><\/p>\n<p>Unlike CrowdStrike, ESET doesn\u2019t assign APT28\/Fancy Bear\/Sednit to a Russian Intelligence Service or anyone else for a very simple reason. Once malware is deployed, it is no longer under the control of the hacker who deployed it or the developer who created it. It can be reverse-engineered, copied, modified, shared and redeployed again and again by anyone.<\/p><\/blockquote>\n<p>Despite these and other criticisms from technical experts with no political axe to grind, the House Intelligence committee has called no independent cybersecurity professionals to challenge the Democrats\u2019 claims of \u201cRussian hacking\u201d that have been repeated <em>ad naseum <\/em>by the media.<\/p>\n<p>Instead of presenting counter-arguments to allow the general public to make up their own minds, the House committee has invited Shawn Henry and Dmitri Alperovitch from CrowdStrike,<\/p>\n<p>The danger is especially high since the subject involves technical details that the public\u2014and, frankly, most politicians\u2014don\u2019t understand and can be easily fooled about. A presentation with no rebuttal at all from other technical experts will lead to even more disinformation being given to the American people.<\/p>\n<p>There are a number of reasons to be skeptical of the objectivity of CrowdStrike\u2019s assessments.<\/p>\n<p>As <a class=\" x5l\" href=\"http:\/\/www.esquire.com\/news-politics\/a49902\/the-russian-emigre-leading-the-fight-to-protect-america\/\" target=\"_blank\" rel=\"noopener\"><em>Esquire<\/em> reported<\/a>\u00a0in a long profile piece, the DNC specifically used Alperovitch and Henry as part of an anti-Trump publicity plan related to the hacking in early June 2016:<\/p>\n<blockquote><p>The DNC wanted to go public. At the committee\u2019s request, Alperovitch and Henry briefed a reporter from <em>The Washington Post<\/em> about the attack.<\/p>\n<p>\u2026<\/p>\n<p>Alperovitch told me he was thrilled that the DNC decided to publicize Russia\u2019s involvement. \u201cHaving a client give us the ability to tell the full story\u201d was a \u201cmilestone in the industry,\u201d he says. \u201cNot just highlighting a rogue nation-state\u2019s actions but explaining what was taken and how and when. These stories are almost never told.\u201d<\/p><\/blockquote>\n<p>The <em>Esquire<\/em> piece also indicates that as the election wore on, the Obama administration was also using Alperovitch and CrowdStrike\u2019s claims to push the Democrat narrative that the Russians were behind the attack:<\/p>\n<blockquote><p>On October 7, two days before the second presidential debate, Alperovitch got a phone call from a senior government official alerting him that a statement identifying Russia as the sponsor of the DNC attack would soon be released. (The statement, from the office of the director of national intelligence and the Department of Homeland Security, appeared later that day.)<\/p><\/blockquote>\n<p>It is worth noting that CrowdStrike and Alperovitch\u2019s story has evolved over time to match a Democrat narrative. In an article in <em>Inc.<\/em> on June 14, 2016, titled \u201c<a class=\" x5l\" href=\"http:\/\/www.inc.com\/will-yakowicz\/crowdstrike-dnc-russian-spies-trump.html\" target=\"_blank\" rel=\"noopener\">Why the DNC Hired This Cybersecurity Firm to Fight Russian Spies<\/a>,\u201d Alperovitch claimed that the purpose of the DNC hack was to expose Donald Trump:<\/p>\n<blockquote><p>On Tuesday, it was revealed that the Russian government is implicated in a security breach of the Democratic National Committee\u2019s computer network, through which opposition research on the bombastic presidential candidate was lifted.<\/p>\n<p>\u201cEvery world leader is trying to figure out who Mr. Trump is, especially if he\u2019s elected president, and they want to know what his foreign policies would be. Russia is no exception,\u201d says Dmitri Alperovitch, co-founder and CTO of CrowdStrike. His firm was hired to manage the breach. \u201cThe actors are also interested in any other information the DNC might have in their opposition research to use it against Trump if he becomes president,\u201d says Alperovitch, who leads the Intelligence, Technology and CrowdStrike Labs teams.<\/p><\/blockquote>\n<p>There is no justification for a technical expert like Alperovitch ascribing motives to the hackers or making statements about what \u201cworld leaders\u201d think. It is simply outside his area of expertise, but the point of the Democrats using Alperovitch and Henry to promote their \u201cRussian hacking\u201d narrative is to provide a technical veneer to their story to score political points.<\/p>\n<p>Shawn Henry, the other House witness from CrowdStrike scheduled to testify on March 20 before House Intelligence, said\u00a0<a class=\" x5l\" href=\"http:\/\/www.linkedin.com\/in\/shawn-henry-372bb74b\/\" target=\"_blank\" rel=\"noopener\">on his LinkedIn page<\/a>\u00a0that he also works for NBC News, where he says his role is to \u201cadvise NBC News on all aspects of national, homeland, and cyber security, to include on-air appearances on all NBC, MSNBC, and CNBC News programs.\u201d He added that he is to \u201cregularly appear on Nightly News, The Today Show, and MSNBC news programming.\u201d<\/p>\n<p>CrowdStrike also has a financial connection to one of Hillary Clinton and the Democrats\u2019 most high-profile supporters in Silicon Valley: Google.<\/p>\n<p>In 2015, CrowdStrike raised $100 million in a new round of financing, according to the <em><a class=\" x5l\" href=\"http:\/\/www.nytimes.com\/2015\/07\/14\/business\/dealbook\/crowdstrike-cybersecurity-services-provider-raises-100-million.html?_r=0\" target=\"_blank\" rel=\"noopener\">New York Times<\/a>,\u00a0<\/em>which reported that \u201cthe investment was led by Google Capital, one of the technology giant\u2019s venture capital arms, in its first cybersecurity deal.\u201d<\/p>\n<p>As <a href=\"http:\/\/www.breitbart.com\/tech\/2016\/10\/19\/wikileaks-googles-eric-schmidt-working-with-clinton-campaign\/\">Breitbart News reported<\/a>, the WikiLeaks releases showed that Eric Schmidt, executive of Google Capital parent company and financier Alphabet, appeared to be working directly with the Clinton campaign.<\/p>\n<p>All of this makes the reliance of the House Committee and the media on CrowdStrike disturbing, but even worse, earlier this year, <a class=\" x5l\" href=\"http:\/\/www.buzzfeed.com\/alimwatkins\/the-fbi-never-asked-for-access-to-hacked-computer-servers?utm_term=.xqZJwVynq#.wqR6PXeq2\" target=\"_blank\" rel=\"noopener\">BuzzFeed reported<\/a> that the FBI did not examine the servers of the Democratic National Committee but,\u00a0instead, based their assessment on CrowdStrike\u2019s evaluation:<\/p>\n<blockquote><p>Six months after the FBI first said it was investigating the hack of the Democratic National Committee\u2019s computer network, the bureau has still not requested access to the hacked servers, a DNC spokesman said. No US government entity has run an independent forensic analysis on the system, one US intelligence official told BuzzFeed News.<\/p>\n<p>\u2026<\/p>\n<p>The FBI has instead relied on computer forensics from a third-party tech security company, CrowdStrike, which first determined in May of last year that the DNC\u2019s servers had been infiltrated by Russia-linked hackers, the U.S. intelligence official told BuzzFeed News.<\/p>\n<p>\u2026<\/p>\n<p>\u201cCrowdStrike is pretty good. There\u2019s no reason to believe that anything that they have concluded is not accurate,\u201d the intelligence official said, adding they were confident Russia was behind the widespread hacks.<\/p><\/blockquote>\n<p>Despite that claim by an unnamed intelligence official, there is reason to believe that what CrowdStrike has concluded is not accurate. At this point, however, the House Committee and the American people will not\u00a0see it.<\/p>\n<p>Breitbart News has requested an interview with Dmitri Alperovitch, but at press time there was no response.<\/p>\n<p>The House Permanent Select Committee on Intelligence says that initial witness invitation lists \u201cmay be expanded or modified as warranted.\u201d<\/p>\n<p>___<br \/>\n<a href=\"http:\/\/www.breitbart.com\/big-government\/2017\/03\/09\/house-committee-russian-hacking-includes-only-dnc-hired-tech-experts\/\">http:\/\/www.breitbart.com\/big-government\/2017\/03\/09\/house-committee-russian-hacking-includes-only-dnc-hired-tech-experts\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fix Is In: House Committee on \u2018Russian Hacking\u2019 Includes Only DNC-Hired Tech Experts<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-68501","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/stateofthenation2012.com\/index.php?rest_route=\/wp\/v2\/posts\/68501","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/stateofthenation2012.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/stateofthenation2012.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/stateofthenation2012.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/stateofthenation2012.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=68501"}],"version-history":[{"count":0,"href":"https:\/\/stateofthenation2012.com\/index.php?rest_route=\/wp\/v2\/posts\/68501\/revisions"}],"wp:attachment":[{"href":"https:\/\/stateofthenation2012.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=68501"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/stateofthenation2012.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=68501"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/stateofthenation2012.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=68501"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}