The “Under Serious Question” in the title is too charitable to Crowdstrike, the firm that found “Russian hackers” responsible for last year’s DNC hack. Crowdstrike was a private firm hired by the DNC to find that connection, but the DNC refused to turn its computers over to the FBI and let them investigate, and potentially confirm, Crowdstrike’s conclusion. So Crowdstrike didn’t have much credibility to begin with, and this newest disclosure destroys what little it had. From Michael Krieger at libertyblitzkrieg.com:
Before I get to the meat of this post, we need to revisit a little history. The cyber security firm hired to inspect the DNC hack and determine who was responsible is a firm called Crowdstrike. Its conclusion that Russia was responsible was released in December of last year, and many people immediately called its analysis (and the U.S. government’s) into question.
Jeffrey Carr was one of the most prominent cynics, and as he noted in his post, FBI/DHS Joint Analysis Report: A Fatally Flawed Effort:
The FBI/DHS Joint Analysis Report (JAR) “Grizzly Steppe” was released yesterday as part of the White House’s response to alleged Russian government interference in the 2016 election process. It adds nothing to the call for evidence that the Russian government was responsible for hacking the DNC, the DCCC, the email accounts of Democratic party officials, or for delivering the content of those hacks to Wikileaks.
It merely listed every threat group ever reported on by a commercial cybersecurity company that is suspected of being Russian-made and lumped them under the heading of Russian Intelligence Services (RIS) without providing any supporting evidence that such a connection exists.
Unlike Crowdstrike, ESET doesn’t assign APT28/Fancy Bear/Sednit to a Russian Intelligence Service or anyone else for a very simple reason. Once malware is deployed, it is no longer under the control of the hacker who deployed it or the developer who created it. It can be reverse-engineered, copied, modified, shared and redeployed again and again by anyone. In other words — malware deployed is malware enjoyed!