U.S. #cybersecurity firm #CrowdStrike has revised and retracted statements it used to buttress claims of #Russian #hacking during last year’s American presidential election campaign. The shift followed a VOA report that the company misrepresented data published by an influential British think tank.
In December, CrowdStrike said it found evidence that Russians hacked into a Ukrainian artillery app, contributing to heavy losses of howitzers in Ukraine’s war with pro-Russian separatists.
VOA reported Tuesday that the International Institute for Strategic Studies (IISS), which publishes an annual reference estimating the strength of world armed forces, disavowed the CrowdStrike report and said it had never been contacted by the company.
Ukraine’s Ministry of Defense also has stated that the combat losses and hacking never happened.
CrowdStrike was first to link hacks of Democratic Party computers to Russian actors last year, but some cybersecurity experts have questioned its evidence. The company has come under fire from some Republicans who say charges of Kremlin meddling in the election are overblown.
After CrowdStrike released its Ukraine report, company co-founder Dmitri Alperovitch claimed it provided added evidence of Russian election interference. In both hacks, he said, the company found malware used by “Fancy Bear,” a group with ties to Russian intelligence agencies.
CrowdStrike’s claims of heavy Ukrainian artillery losses were widely circulated in U.S. media.
On Thursday, CrowdStrike walked back key parts of its Ukraine report.
The company removed language that said Ukraine’s artillery lost 80 percent of the Soviet-era D-30 howitzers, which used aiming software that purportedly was hacked. Instead, the revised report cites figures of 15 to 20 percent losses in combat operations, attributing the figures to IISS.
The original CrowdStrike report was dated Dec. 22, 2016, and the updated report was dated March 23, 2017.
The company also removed language saying Ukraine’s howitzers suffered “the highest percentage of loss of any … artillery pieces in Ukraine’s arsenal.”
Finally, CrowdStrike deleted a statement saying “deployment of this malware-infected application may have contributed to the high-loss nature of this platform” – meaning the howitzers – and excised a link sourcing its IISS data to a blogger in Russia-occupied Crimea.
In an email, CrowdStrike spokeswoman Ilina Dmitrova said the new estimates of Ukrainian artillery losses resulted from conversations with Henry Boyd, an IISS research associate for defense and military analysis. She declined to say what prompted the contact.
“This update does not in any way impact the core premise of the report that the FANCY BEAR threat actor implanted malware into a D-30 targeting application developed by a Ukrainian military officer,” Dmitrova wrote.This is apparently a false claim:
Crowdstrike, along with FireEye and other cybersecurity companies, have long propagated the claim that Fancy Bear and all of its affiliated monikers (APT28, Sednit, Sofacy, Strontium, Tsar Team, Pawn Storm, etc.) were the exclusive developers and users of X-Agent. We now know that is false.
ESET was able to obtain the complete source code for X-Agent (aka Xagent) for the Linux OS with a compilation date of July 2015. 
A hacker known as RUH8 aka Sean Townsend with the Ukrainian Cyber Alliance has informed me that he has also obtained the source code for X-Agent Linux. 
If both a security company and a hacker collective have the X-Agent source code, then so do others, and attribution to APT28/Fancy Bear/GRU based solely upon the presumption of “exclusive use” must be thrown out.
This doesn’t mean that the Russian government may not choose to use it. In fact, Sean Townsend believes that the Russian security services DO use it but he also knows that they aren’t the only ones.
Reached by VOA, the IISS confirmed providing CrowdStrike with new information about combat losses, but declined to comment on CrowdStrike’s hacking assertions.
“We don’t think the current version of the [CrowdStrike] report draws conclusions with regard to our data, other than quoting the clarification we provided to them,” IISS told VOA.
Dmitrova noted that the FBI and the U.S. intelligence community have also concluded that Russia was behind the hacks of the Democratic National Committee, Democratic Congressional Campaign Committee and the email account of John Podesta, Hillary Clinton’s campaign manager.Note: The FBI and US Intelligence community has said that it relied on the Crowdstrike report without investigating and were also denied access to the DNC server that was allegedly hacked. In addition, there is reason to think that the incident was the result of an insider leak rather than a cyber hack.
The release of embarrassing Democratic emails during last year’s U.S. political campaign, and the subsequent finding by intelligence agencies that the hacks were meant to help then-candidate Donald Trump, have led to investigations by the FBI and intelligence committees in both the House and Senate.
Trump and White House officials have denied colluding with Russians.See also
Exposing the farcical claims about Russian hacking of the election