Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Sunday, 03 June 2018 07:51

The US creates 'nice' malware. In other news, the sun sets in the east...


A statement by the head of security firm FireEye that US government spooks produce "nice" malware when compared to that of other states has been reported by the American tech news website Cyberscoop – and allowed to pass unchallenged.

FireEye chief executive Kevin Mandia told a forum — organised by Scoop News Group, the parent organisation of Cyberscoop — that certain features within the malware produced by nation states indicated the country that was involved.

He was quoted as saying: “We find malware that sometimes has a time to live and then it doesn’t run anymore. I wonder who would do that. Probably [the US] because we’re the nicest hackers in cyberspace, besides maybe China.”

Cyberscoop had a chance to quiz Mandia about these remarks because its report, written by staffer Zaid Shoorbajee, mentioned that he had spoken to Mandia after the speech. But Mandia's views went unchallenged.

Even a statement that the company would tip off intelligence officials from the Five Eyes countries — the US, the UK, Canada, Australia and New Zealand — before publishing a public threat intelligence report, did not cause any raised eyebrows.

Other security companies do not follow this procedure as is evident from the tweet below.

That such propaganda has gone unchallenged is perhaps because these forums are part of the business model of the Scoop News Group, which advertises its events as "Five hundred billion dollars of direct IT influence are in this room", adding that 70% of the attendees are from the government and that it has so far secured 3000 VIP speakers for its events.

Scoop News Group also makes money from what it calls disruptive studies, thought leadership articles, tech briefs and multimedia campaigns. How these activities can co-exist side-by-side with forthright journalism is puzzling.

One Cyberscoop reporter Chris Bing tweeted out a link to the article on Mandia's remarks, adding: "To be clear: the story says that there's a heads up before the publication of public intel reports (think APT 1 report). When encountering *suspected* Five Eyes malware they detect/stop. Redline is around public disclosure. And even then, it's pretty tough to attribute anyways."

The article mentioned the disclosure of the Slingshot malware at Kaspersky Lab's Security Analyst Summit in March. A Cyberscoop report later cited unnamed intelligence sources as claiming that Slingshot was US-crafted malware and aimed at what the source said were terrorists.

When Ryan Naraine, a former reporter at ZDNet and also a former Kaspersky Lab employee, asked Bing whether he saw anything "marginally problematic with this approach", Bing quickly went on the defensive.

After clarifying that Naraine was asking for his opinion, Bing tweeted out a sanctimonious reply: "My job is to break news and accurately report things with the help of my editorial team. It's not to have opinions. What I can say is that I am driven to report on important subjects in this space, regardless of who is involved."

To which former Wired reporter Kim Zetter responded: "You want to have stories that are balanced, but that doesn't mean the reporter doesn't have opinions. Like it or not, reporters/editors express their opinions in the headlines they choose, their choice of quotes and the context they do or don't include in stories."

Bing's views were endorsed by his current colleague, Shaun Waterman, who responded to Zetter: "Up to a point. A wise old bird at the BBC once told me: 'Shaun, the listeners don't care what you think. they care what you KNOW.' It's knowledge, not opinion, that makes a great journalist."

As a government broadcaster, it is obvious the BBC would have a different perspective on opinion. The government-funded ABC in Australia has a similar stand on opinion as the Beeb.

It is ludicrous to think that malware, no matter who propagates it, can act "nice" towards some part of the population and viciously towards others. It is a danger to all and sundry. Lower down in the article about Mandia, Cyberscoop very briefly mentioned that other unnamed experts claimed the US was as unruly and wild as far as its malware was concerned, with the case of Stuxnet cited as an example.

There are numerous security companies in the US that seem to tailor what they publish towards the needs of government. One of these companies, Recorded Future, put out research just before the summit of the Koreas, about North Korean activities in cyber space.

A second report, issued just before US President Donald Trump was due to pronounce on the Iran nuclear deal — he cancelled it — claimed that Iran would retaliate by stepping up its online attacks. Nothing of the sort has happened.

Both the North Korean attack report and the Iran one were sent to iTWire prior to publication; we ran the former but then I thought the second one looked just too much of a coincidence. So I held off.

Another case of a security company trying to push a line came to the fore last year when a Washington-based company InGuardians slipped a report to former Washington Post employee Brian Krebs, containing claims about the identity of the person behind the leak of NSA exploits by the Shadow Brokers.

Krebs ran the story in great detail and then suddenly took it down. He mentioned the takedown at the very end of a story he wrote about the arrest of a Vietnamese American who had pleaded guilty to taking masses of NSA material home. Comments were not allowed on this article, presumably to avoid criticism of his earlier claim.

When iTWire quizzed Krebs as to the reasons for his taking down the article, he did not provide a reply, indulging instead in personal slurs. Krebs' agenda in writing up the InGuardians "research" was questioned by well-known security blogger Marcy Wheeler.

And, of course, there are numerous security companies which have tried to push the "Russia hacked the DNC" claim, without offering evidence of the same.

It is perfectly fine for publications to report claims made by public figures, no matter where, when and on any topic. But it is also the duty of said publications to offer a perspective that perhaps such claims could be overblown. A hands-off attitude is what led to one of the great recent disasters in US foreign policy: the invasion of Iraq in 2003.

In the case of Mandia and Cyberscoop, the journalistic side of operations appears to have been somewhat compromised by the fact that the FireEye chief made his remarks at a forum organised by the owner of Cyberscoop.

One of the top investigative reporters in the US, Seymour Hersh, has just released a memoir titled Reporter. Therein, according to a review by Rolling Stone's Matt Taibbi, he tells the tale of how the CIA tried to feed him information about Jonathan Pollard, who was caught spying for Israel.

At a time when then US president Bill Clinton was rumoured to be preparing a pardon for Pollard, Hersh was invited to the CIA and shown masses of intelligence that Pollard had sold to Israel. Doubtless, the CIA spooks wanted Hersh to write about it and make the case for not issuing a pardon to Pollard.

Though the story would have been a major one, Hersh was not comfortable with being fed information this way. "I was very ambivalent about being in the unfamiliar position of carrying water for the American intelligence community," he writes. "I, who had worked so hard in my career to learn the secrets, had been handed the secrets."

Taibbi commented: "This offhand line explains a lot about what has made Hersh completely embody what it means to be a reporter. The great test is being able to get information powerful people don't want you to have. A journalist who is handed something, even a very sensational something, should feel nervous, sick, ambivalent. Hersh never stopped feeling that way, remaining an iconoclast and a thorn in the side of officialdom to this day."

One can't help feeling that there's a lesson somewhere in there for people who report whatever officialdom tells them without stopping to question the claims being pushed.

Many journalists like to be well-known, and forget completely that they are part of the fourth estate, not some arm of industry meant to support national governments. As I've written before, it's best to remember that we are just filling up the spaces between the advertisements and therefore it is advisable to disabuse ourselves of any sense that we are the story. A journalist is an outsider, not an insider. That's a tough path to hoe. But it means the difference between a journalist and a stenographer.

Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


