CrowdStrike Revises and Retracts Parts of Explosive Russian Hacking Report

Last week, I published two posts on cyber security firm CrowdStrike after becoming aware of inaccuracies in one of its key reports used to bolster the claim that operatives of the Russian government had hacked into the DNC. This is extremely important since the DNC hired CrowdStrike to look into its hack, and at the same time denied FBI access to its servers.

Before reading any further, you should read last week’s articles if you missed them the first time.

Credibility of Cyber Firm that Claimed Russia Hacked the DNC Comes Under Serious Question

What is CrowdStrike? Firm Hired by DNC has Ties to Hillary Clinton, a Ukrainian Billionaire and Google

Now here are the latest developments courtesy of Voice of America:

U.S. cybersecurity firm CrowdStrike has revised and retracted statements it used to buttress claims of Russian hacking during last year’s American presidential election campaign. The shift followed a VOA report that the company misrepresented data published by an influential British think tank.

In December, CrowdStrike said it found evidence that Russians hacked into a Ukrainian artillery app, contributing to heavy losses of howitzers in Ukraine’s war with pro-Russian separatists.

VOA reported Tuesday that the International Institute for Strategic Studies (IISS), which publishes an annual reference estimating the strength of world armed forces, disavowed the CrowdStrike report and said it had never been contacted by the company.

CrowdStrike was first to link hacks of Democratic Party computers to Russian actors last year, but some cybersecurity experts have questioned its evidence. The company has come under fire from some Republicans who say charges of Kremlin meddling in the election are overblown.

After CrowdStrike released its Ukraine report, company co-founder Dmitri Alperovitch claimed it provided added evidence of Russian election interference. In both hacks, he said, the company found malware used by “Fancy Bear,” a group with ties to Russian intelligence agencies.

CrowdStrike’s claims of heavy Ukrainian artillery losses were widely circulated in U.S. media.

On Thursday, CrowdStrike walked back key parts of its Ukraine report.

The company removed language that said Ukraine’s artillery lost 80 percent of the Soviet-era D-30 howitzers, which used aiming software that purportedly was hacked. Instead, the revised report cites figures of 15 to 20 percent losses in combat operations, attributing the figures to IISS.

Finally, CrowdStrike deleted a statement saying “deployment of this malware-infected application may have contributed to the high-loss nature of this platform” — meaning the howitzers — and excised a link sourcing its IISS data to a blogger in Russia-occupied Crimea.

In an email, CrowdStrike spokeswoman Ilina Dmitrova said the new estimates of Ukrainian artillery losses resulted from conversations with Henry Boyd, an IISS research associate for defense and military analysis. She declined to say what prompted the contact.

Dmitrova noted that the FBI and the U.S. intelligence community have also concluded that Russia was behind the hacks of the Democratic National Committee, Democratic Congressional Campaign Committee and the email account of John Podesta, Hillary Clinton’s campaign manager.

Here’s the problem. Yes, the FBI has agreed with CrowdStrike’s conclusion, but the FBI did not analyze the DNC servers because the DNC specifically denied the FBI access. This was noteworthy in its own right, but it takes on vastly increased significance given the serious errors in a related hacking report produced by the company.

As such, serious questions need to be asked. Why did FBI head James Comey outsource his job to CrowdStrike, and why did he heap praise on the company? For instance, back in January, Comey referred to CrowdStrike as a “highly respected private company.”

In a hearing with the Senate Intelligence Committee Tuesday afternoon outlining the intelligence agencies’ findings on Russian election interference, Comey said there were “multiple requests at different levels” for access to the Democratic servers, but that ultimately a “highly respected private company” was granted access and shared its findings with the FBI.

Where does all this respect come from considering how badly it botched the Ukraine report?

Something stinks here, and the FBI needs to be held to account.


In Liberty,
Michael Krieger


3 thoughts on “CrowdStrike Revises and Retracts Parts of Explosive Russian Hacking Report”

  1. As someone that prefers to see all the evidence before drawing conclusions, the latest Crowdstrike report is a step backwards.

    One claim has been changed from

    “Open-source reporting indicates losses of almost 50% of equipment in the last 2 years of conflict amongst Ukrainian artillery forces and over 80% of D-30 howitzers were lost, far more than any other piece of Ukrainian artillery.”
    to
    “(from Henry Boyd,IISS): ‘excluding the Naval Infantry battalion in the Crimea which was effectively captured wholesale, the Ukrainian Armed Forces lost between 15% and 20% of their pre-war D–30 inventory in combat operations.’ ”

    This leads to more questions than answers. There is an elephant in the room that is not addressed: what happened to the 80% reduction in D-30 towed-artillery inventories?

    Now a casual observer may infer that the 80% number has been revised to 15-20%. However, these numbers are measuring **different metrics**: overall inventory reductions (80%) vs combat losses (15-20%). More importantly, the original 80% number was ALSO provided by IISS (indirectly) and **has not been disputed** by them (to further muddy the water, Crowdstrike has deleted the reference to their original IISS data source from which the 80% loss was derived).

    The only thing that has really changed is that Crowdstrike had originally attributed 100% of the inventory decline to combat losses, while now they are going with the IISS assessment which attributes more than 75% of the inventory decline to non-combat reasons (including the capture of the Naval Infantry Battalion).

    Also lost in the new report is any comparison of the D-30 howitzer losses to the losses for other artillery, so we have no way of knowing if this loss is proportionately higher than for other artillery pieces (which would support Crowdstrike’s assertions about a compromised app).

    With direct access to an IISS expert, this report could be easily improved. All it would need is a chart or table showing D-30 and other artillery losses from 2007-2017, as well as IISS’s attributions of the breakdown of the year-to-year inventory changes (combat losses, non-combat capture, sales, disrepair, etc). Then we could tell whether D-30 combat losses were abnormally high or not.
