Another point of view on the purported Russian hacking
U.S. Intelligence Got the Wrong Cyber Bear
Bloomberg View
JAN 2, 2017 11:58 AM EST
By Leonid Bershidsky
Leonid Bershidsky is a Bloomberg View columnist. He was the founding editor of the Russian business daily Vedomosti and founded the opinion website Slon.ru.
The "Russian hacking" story in the U.S. has gone too far. That it's not based on any solid public evidence, and that reports of it are often so overblown as to miss the mark, is only a problem to those who worry about disinformation campaigns, propaganda and journalistic standards -- a small segment of the general public. But the recent U.S. government report that purports to substantiate technical details of recent hacks by Russian intelligence is off the mark and has the potential to do real damage to far more people and organizations.
The joint report by the Department of Homeland Security and the Federal Bureau of Investigation has a catchy name for "Russian malicious cyber activity" -- Grizzly Steppe -- and creates infinite opportunities for false flag operations that the U.S. government all but promises to attribute to Russia.
The report's goal is not to provide evidence of, say, Russian tampering with the U.S. presidential election, but ostensibly to enable U.S. organizations to detect Russian cyber-intelligence efforts and report incidents related to them to the U.S. government. It's supposed to tell network administrators what to look for. To that end, the report contains a specific YARA rule -- a bit of code used for identifying a malware sample. The rule identifies software called the PAS Tool PHP Web Kit. Some inquisitive security researchers have googled the kit and found it easy to download from the profexer.name website. It was no longer available on Monday, but researchers at Feedjit, the developer of the WordPress security plugin Wordfence, took some screenshots of the site, which proudly declared the product was made in Ukraine.