Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.


Thursday, 05 October 2017 11:16

'Attribution' paper may queer the pitch for Kaspersky Lab


Russian security firm Kaspersky Lab may have put itself squarely in the crosshairs of the lobby promoting the theory that Russia hacked the Democratic National Committee in 2016, by producing a paper that underscores the difficulty of attribution where cyber exploits are concerned.

Before anyone leaps to any conclusion, make no mistake, the paper — titled Walking in Your Enemy’s Shadow: When Fourth-Party Collection Becomes Attribution Hell — is well-written and logically argued as is most of the material produced by Kaspersky's Global Research and Analysis Team.

But with Kaspersky already having become collateral damage in the hysteria sweeping Washington, the report is very likely to elicit the reaction that it is trying to cover up the tracks allegedly left by the Russians (or their proxies) who breached the DNC.

Briefly put, the paper deals with the way state actors borrow or steal techniques from others at the same level, and thus create a web that is difficult to trace to any particular actor. Attribution then becomes even more difficult than it is under normal circumstances.

There is plenty of evidence from cases which Kaspersky has tackled and the arguments are water-tight.

But at a time when it is an article of faith among Democrats and their supporters that their candidate, Hillary Clinton, lost last year's election because of Russia's intervention, such logic would, one fears, be seen as a cover-up.

The facts say otherwise but then this is something like a religion, a cult, where logic is the first, second and last casualty.

Even The Intercept, which has largely retained scepticism about the Russian hack theory, carries an article about the Kaspersky paper by former Wired staffer Kim Zetter which says:

"The attacks last year on the Democratic National Committee, for example, were attributed to hacking groups associated with Russian intelligence based in part on analysis done by the private security firm CrowdStrike, which found that tools and techniques used in the DNC network matched those used in previous attacks attributed to Russian intelligence groups."

No mention is made of the fact that CrowdStrike was asked by the FBI multiple times for access to the DNC servers and refused to grant access.

Neither is there any mention of the fact that the chief technical officer of CrowdStrike, Dmitri Alperovitch, is an associate of an anti-Russian outfit known as the Atlantic Council, a Washington think-tank that is kept afloat by Saudi Arabia, the United Arab Emirates, the Ukrainian World Congress, the US State Department and others who have an interest in isolating or discrediting Russia.

Zetter also writes: "Although the Kaspersky researchers believe the DNC attribution is correct, they say researchers need to be more cautious about assuming that when the same tools and techniques are being used, the same actors are using them."

There is no reference to the DNC either in the short blog post by Kaspersky researchers Juan Andrés Guerrero-Saade and Costin Raiu who wrote the paper in question or in the paper itself.

So exactly where Zetter is getting these "facts" is a mystery.

Kaspersky Lab staff have a tough time on their hands, being under scrutiny by the FBI and presumably watched also in other countries that unhesitatingly follow US policies on anything and everything (except guns).

Thus, it may be time to think a little more before giving conspiracy theorists aka Democrats and their disciples any cause to make things any more difficult for the company to do business in the English-speaking world.

The paper was presented at the 2017 Virus Bulletin conference in Madrid.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.




