The Russian intelligence “hacking” of the Democratic National Committee has been accepted as fact by all good Democrats. There are, however, a multitude of problems with the attribution. From Justin Raimondo at antiwar.com:
The allegation – now accepted as incontrovertible fact by the “mainstream” media – that the Russian intelligence services hacked the Democratic National Committee (and John Podesta’s emails) in an effort to help Donald Trump get elected recently suffered a blow from which it may not recover.
Crowdstrike is the cybersecurity company hired by the DNC to determine who hacked their accounts: it took them a single day to determine the identity of the culprits – it was, they said, two groups of hackers which they named “Fancy Bear” and “Cozy Bear,” affiliated respectively with the GRU, which is Russian military intelligence, and the FSB, the Russian security service.
How did they know this?
These alleged “hacker groups” are not associated with any known individuals in any way connected to Russian intelligence: instead, they are identified by the tools they use, the times they do their dirty work, the nature of the targets, and other characteristics based on the history of past intrusions.
Yet as Jeffrey Carr and other cyberwarfare experts have pointed out, this methodology is fatally flawed. “It’s important to know that the process of attributing an attack by a cybersecurity company has nothing to do with the scientific method,” writes Carr:
“Claims of attribution aren’t testable or repeatable because the hypothesis is never proven right or wrong. Neither are claims of attribution admissible in any criminal case, so those who make the claim don’t have to abide by any rules of evidence (i.e., hearsay, relevance, admissibility).”
Likening attribution claims of hacking incidents by cybersecurity companies to intelligence assessments, Carr notes that, unlike government agencies such the CIA, these companies are never held to account for their misses:
“When it comes to cybersecurity estimates of attribution, no one holds the company that makes the claim accountable because there’s no way to prove whether the assignment of attribution is true or false unless (1) there is a criminal conviction, (2) the hacker is caught in the act, or (3) a government employee leaked the evidence.”
This lack of accountability may be changing, however, because Crowdstrike’s case for attributing the hacking of the DNC to the Russians is falling apart at the seams like a cheap sweater.
To continue reading: Rush to Judgment