by Carey Wedler, The Anti Media:
On Thursday, the FBI and Department of Homeland Security released a joint analysis report addressing persistent allegations that the Russian government hacked the U.S. election.
Though, as the White House fact sheet asserts, the report largely consists of tips to improve cyber security and prevent future attacks, it also appears to cite evidence Russian Intelligence Services (RIS) actively attempted to hack into U.S. systems, a campaign the government has named “GRIZZLY STEPPE.”
But as the media runs with the story and many outlets accept the 13-page report as fact, veterans of the intelligence community have pointed out flaws with the FBI-DHS analysis.
According to Philip Giraldi, a former CIA agent, the report fails to prove Russia is behind the hack. In a recent Facebook post, he asserted that “apart from assertions of Russian activity connected to an unnamed political party, [the report] provides absolutely no evidence that the alleged intrusions into the DNC servers were anything beyond normal intelligence agency probing for vulnerabilities.”
“In fact,” he adds, “it doesn’t even provide the evidence for that.”
Further, he argues:
“There is no evidence of particular mal-intent that can be traced back to the Russian government, much less to Vladimir Putin. Nine of the thirteen pages of the report deal with advice on how to keep your system from being hacked.”
Robert M. Lee, a former U.S. Air Force Cyber Warfare Operations Officer and founder and CEO of cyber security firm Dragos, explains the report is confusing because it states early on that its intention is to aid “defenders” of the U.S. However, the report makes a point of declaring RIS guilty, veering away from the stated public service goals.
Lee highlights this convolution, highlighting two alleged groups included in the report:
“The public is looking for evidence of the attribution, the White House and the DHS/FBI clearly laid out that this report is meant for network defense, and then the entire discussion in the document is on how the DHS/FBI confirms that APT28 and APT29 are RIS groups that compromised a political party.”
But that’s not the only problem. As Lee points out, the report notes the FBI has previously refrained from naming specific actors in joint analysis reports — but does so for the purposes of this investigation, claiming they can confirm indicators of an attack from private sector attribution. Yet “the GRIZZLY STEPPE report reads like a poorly done vendor intelligence report stringing together various aspects of attribution without evidence,” Lee writes.
Jeffrey Carr, a cybersecurity consultant and author of Inside Cyber Warfare, has bluntly rejected the allegations contained in the report:
“It merely listed every threat group ever reported on by a commercial cybersecurity company that is suspected of being Russian-made and lumped them under the heading of Russian Intelligence Services (RIS) without providing any supporting evidence that such a connection exists.”
In contrast, Lee shies away from fully disregarding the report, issuing a “thank you” to “the government operators who did fantastic work and tried their best to push out the best information.” But he also has words for those who conducted “the sanitation of that information and the report writing.”
Please follow SGT Report on Twitter & help share the message.