Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Tuesday, 26 December 2017 07:03

Immunity's Aitel backflips on WannaCry claims, Kaspersky

The head of American security firm Immunity, Dave Aitel, appears to be backtracking on his claims, made in August, that British security researcher Marcus Hutchins had "something to do" with the WannaCry ransomware which hit Windows computers globally in May.

Hutchins was hailed as a hero by many after he accidentally stopped the spread of WannaCry by registering a domain that was present in the malware's code. He was later arrested in Las Vegas on charges of allegedly having created a banking trojan named Kronos, along with an unnamed co-conspirator.

Aitel made the claim about Hutchins' alleged connection to WannaCry on his blog. But on 23 December, he took a step backwards, writing, "In fact, I had bet @riotnymia some INFILTRATE tickets that this would go the other way. Looks like she should book a trip! :)" @riotnymia is the Twitter handle for Emma McCall, a cyber security analyst at Riot Games.

INFILTRATE is a security conference which Aitel's company organises annually.

Aitel did not explain exactly how the rest of the world should know about his private wagers and rank them above his public pronouncements.

His comments came a few days after US homeland official Tom Bossert publicly laid the blame for WannaCry on North Korea. iTWire ran a story that pointed out that this, in effect, left egg on Aitel's face given his earlier public claim about Hutchins.

I contacted Aitel on Twitter, asking, "I asked you for your take on the WannaCry announcement. You chose not to reply. You publicly claimed Marcus Hutchins was behind WannaCry. Are you now denying that?" Unsurprisingly, he has not replied.

In his 23 December post, Aitel praised Bossert, but criticised journalists at his (Bossert's) media conference for asking about the NSA link to WannaCry (one NSA exploit, ETERNALBLUE, which was leaked on the Web by the Shadow Brokers last year, was used by the attackers) and also hit out at those who asked about the US Government's Vulnerability Exposure Policy. "There was the usual blame-the-NSA VEP nonsense which he (Bossert) pushed back on strongly and (imho) correctly," Aitel wrote.

The VEP appears to be a sensitive topic with Aitel; his company follows a policy of buying exploit information from others and then using it to protect his own customers against those exploits. The companies whose products are vulnerable are never told about the flaws.

The NSA has been criticised for crafting exploits for flaws that it has never disclosed to companies. Aitel, it must be mentioned here, is a former NSA employee.

Aitel also implicitly criticised iTWire for saying he had egg on his face, pointing out, "A more balanced approach was taken by TechBeacon taking into account Brian Kreb's article." This is the same Krebs who quietly pulled an article in which he had claimed a Russian link to the Shadow Brokers leak, publishing a note about it at the end of another article and disabling comments on that piece. Well-known blogger Marcy Wheeler has questioned whether Krebs had some kind of agenda in writing this article.

When Krebs was asked about it in the comments on his next article, personal slurs suddenly started appearing under fake names.

[Image: Krebs comment one]

The comment below appeared after Krebs had been contacted by email — his contact email is not on the home page of his site, but buried in a long, laudatory spiel about himself — and provided the correct address for my personal blog. To call it childish and puerile would be dignifying it.

[Image: Krebs comment two]

Aitel also took up cudgels for Kaspersky Lab, a Russian security firm whose products have been banned from use in the US public service. "We resolutely torture people and companies accused of hacking based on essentially tea-leaf reading from law enforcement (on one hand) or our intelligence organisations (in the case of nation state attribution). Kaspersky, of course, is one of those," he wrote.

But a few months back, Aitel was on a different track (listen from 34:00 onwards): "Kaspersky is an intelligence asset of the Russian Government and I'm amazed that we haven't seen action yet from the Australians, and the Germans and the Brits to do exactly what the US did – which is basically ban it. I mean, at the point when Best Buy pulls your product off the shelves, I mean someone at Best Buy got a message and a briefing from an US Government official that said, 'this has to go'.

"Listening to Kaspersky, he understands clearly what the Americans are saying about his product and he's pretending that he doesn't. On the other hand, he has 300 million reasons a year not to deal with the behaviour that they are accusing him of. He probably thought he'd never get caught.

"It's hard to believe what he is saying on Twitter and his interviews... I don't see any possibility that Kaspersky A-V is not a signals intelligence tool."

Ironically, these comments were made on a marketing podcast put out by Patrick Gray, an Australian who once used the methods of Fox News — "some people are saying" — to accuse Aitel of unethical practices.

Gray's podcast lists the week's security stories (all compiled from other sources), rubs businesses the right way and when people criticise him, he blocks them from his Twitter feed.

[Image: Patrick Gray Twitter block]

If anything, this whole merry-go-round illustrates one thing: in infosec, as in life, all is not as it seems.

Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
