On Thursday, the Department of Homeland Security and the FBI released a joint report about Russian cyberattacks, titled “Grizzly Steppe.” The report had been expected to lay out more details about intelligence agency’s claims that the Russian government was directly linked to hacks on the DNC and other organizations, but security experts have expressed broad disappointment with the report.
Jeffrey Carr, author of Inside Cyber Warfare, wrote on Friday that the report “adds nothing to the call for evidence that the Russian government was responsible” for the campaign hacks. Robert Lee, a former Air Force cyberwarfare officer and cybersecurity fellow at New America, argues that the report is of limited use to security professionals, in part because of poor organization and lack of crucial details.
The report, Carr says, lists hacking groups previously suspected of Russian government ties, mostly identified by commercial security firms, “without providing any supporting evidence that such a connection exists.” That evidence may still remain classified, but Carr says that if so, it should be reviewed by an independent commission, because the White House targeting of Russia “is looking more and more like a domestic political operation run by the White House”.
Lee is much less skeptical of the White House, calling the accusations against the Russian government “a strong and accurate statement.” But he highlights extensive sloppy mistakes and limited practical data in the Grizzly Steppe report. A list of names used to identify hacking campaigns, such as APT28 and COZYBEAR, inexplicably mingles in the names of both malware tools and capabilities. Data intended to help network administrators block attacks is missing vital IP addresses and attack timelines.
Click here to read more.
SOURCE: Fortune, David Z. Morris