Security Market Segment LS
Monday, 11 March 2019 09:51

Credentials of firm that linked Parliament hack to Iran questioned Featured

By
Credentials of firm that linked Parliament hack to Iran questioned Image by OpenClipart-Vectors on Pixabay

Infosec outfit Resecurity, which has come under scrutiny by some well-known researchers over its attribution of some recent hacks, has hit back by accusing its detractors of having ulterior motives for indulging in such criticism.

The company claimed last month that an Iranian-linked entity was behind the breach of the Australian Parliament network. More recently, it claimed that the same Iranian group was responsible for the breach at multinational software company Citrix Systems.

In both cases, Resecurity put out blog posts which are somewhat similar in their content.

Criticism of Resecurity's claim about the Australian Parliament hack, which was published by The Wall Street Journal and iTWire, was made on 21 February by Kevin Collier, a reporter with Buzzfeed, who cited the company's claims and then linked to an article in the Sydney Morning Herald where the counter-claim was made that China was behind the hack.

Others who criticised Resecurity were Catalin Cimpanu, a reporter with ZDNet, who said he and Sergiu Gatlan, a reporter with Bleeping Computer, had talked about the Citrix hack and the latter had tried to contact Resecurity but received what was described as a "weird reply".

Wrote Cimpanu: "There were a lot of details around this story that kept changing last night. Then he (Gatlan) got a weird reply from the company via email. Then there was their obsession with Iran."

And Costin Raiu, a senior researcher and the head of Kaspersky Lab's Global Research and Analysis Team, said: "Some facts: the Resecurity website doesn't even have an About page. Their corporate movie has a bunch of actors talking about security but no names or titles. Their president has no work history before 2017. Of course, it may be legit, but for now it looks odd."

Added Raiu: "I'd be cautious with this story (the Citrix story on CNBC), feels like there's a lot of FUD (fear, uncertainty and doubt) surrounding it. Eg: 'Iridium broke its way into Citrix's network about 10 years ago, and has been lurking inside [...] ever since'. Then 'Citrix came under attack twice, once in December and again Monday."

Brian Bartholomew, another senior researcher from Kaspersky, said: "These Resecurity folks are really jacking some shit up lately. First they say Iran is responsible for the AU parliament hack, and now they say an Iranian group named 'Iridium' is behind the Citrix stuff."

The Resecurity website has only two research reports in its blog, about the Australian Parliament and Citrix hacks. There are claims on its website of supplying services to several high-profile clients like Microsoft, JPMorgan Chase and Amazon but the logos of these companies do not link to the clients' websites. There is also a list of awards that Resecurity claims to have won, but again the logos of these awards do not link anywhere.

Asked for his response to the criticism, Resecurity researcher Jean-Jacques Gonçalves told iTWire: "Unfortunately, we don't comment [on] such statements delivered in [the] form of 'tweets'. Moreover, they have no relation to the topic, and have minimal insight on it. We are not familiar with these wonderful gentlemen, and with interest read their communications when the time allows."

Gonçalves added: "None of them has reached out officially, besides Sergiu Gatlan, and has no relation to our company as well. We have provided an official comment only to Sergiu Gatlan through our press service, who later for some reasons said 'he has received a weird reply' (we have a copy, and documented correspondence with him, which included a kind and timely addressed recommendation to read an official statement published on our website)."

He also pointed out that Cimpanu, Gatlan and Raiu were all of Romanian ancestry — though he did not expand on the significance of this — while Raiu, Bartholomew and Eugene Kaspersky — who retweeted Collier's claims — were all from Kaspersky Labs.

Gonçalves provided links to show the Russian company had a relationship with Citrix, though he again did not expand on what he was implying.

"Probably, it may characterise the level of culture in general, but typically we don't comment such things," he said. "We wish only the best to Kaspersky Labs, understanding some challenges they had to face with in the past few years." The last statement was a reference to the issues Kaspersky Lab has faced in the US, which ended up with it losing all its business with the American public sector.

Gonçalves dismissed Collier's claims in detail, saying that only one of the three points he (Collier) had made was valid: the reference to the WSJ headline. Of the other two, he said Resecurity had a detailed blog post about the Australian hack, tying the group IRIDIUM to it. And he also contested Collier's claim about the SMH article being based on government or government-adjacent sources, saying that the article mentioned "top-level sources" who could not be in any way identified as they were not named.

He also mentioned that China had denied any involvement in the Parliament attack.

"Moreover, we have reached [out] to [the] lady [who] published this article – Latika Bourke. After our contact, it has been modified several times (starting from wrong use of our company name, and ending with 'top-level sources', who in the past 'couldn’t comment anything on the record'. In such case, on what sources she was relying is still a question. From our side, we haven’t changed a single word," he said.

The company's website was down for quite some time on Monday morning Australian time; when asked about this, Gonçalves said: "We have installed Cloudflare and you saw its cache for couple of minutes."

Resecurity's claims about the Citrix hack have been reported by several tech and general sites such as The Register and CNBC.

Read 3534 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here

SONICWALL 2022 CYBER THREAT REPORT

The past year has seen a meteoric rise in ransomware incidents worldwide.

Over the past 12 months, SonicWall Capture Labs threat researchers have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:

Ransomware
Cryptojacking
Encrypted threats
IoT malware
Zero-day attacks and more

These exclusive findings are now available via the 2022 SonicWall Cyber Threat Report, which ensures SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the rising tide of cybercrime.

Click the button below to get the report.

GET REPORT!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments