
Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.


Tuesday, 26 December 2017 07:03

Immunity's Aitel backflips on WannaCry claims, Kaspersky


The head of American security firm Immunity, Dave Aitel, appears to be backtracking on his claims, made in August, that British security researcher Marcus Hutchins had "something to do" with the WannaCry ransomware which hit Windows computers globally in May.

Hutchins was hailed as a hero by many after he accidentally stopped the spread of WannaCry by registering a domain that was present in the malware's code. He was later arrested in Las Vegas on charges of allegedly having created a banking trojan named Kronos, along with an unnamed co-conspirator.

Aitel made the claim about Hutchins' alleged connection to WannaCry on his blog. But on 23 December, he took a step backwards, writing, "In fact, I had bet @riotnymia some INFILTRATE tickets that this would go the other way. Looks like she should book a trip! :)" @riotnymia is the Twitter handle for Emma McCall, a cyber security analyst at Riot Games.

INFILTRATE is a security conference which Aitel's company organises annually.

Aitel did not explain exactly how the rest of the world should know about his private wagers and rank them above his public pronouncements.

His comments came a few days after US homeland official Tom Bossert publicly laid the blame for WannaCry on North Korea. iTWire ran a story that pointed out that this, in effect, left egg on Aitel's face given his earlier public claim about Hutchins.

I contacted Aitel on Twitter, asking, "I asked you for your take on the WannaCry announcement. You chose not to reply. You publicly claimed Marcus Hutchins was behind WannaCry. Are you now denying that?" Unsurprisingly, he has not replied.

In his 23 December post, Aitel praised Bossert, but criticised journalists at his (Bossert's) media conference for asking about the NSA link to WannaCry — one NSA exploit, ETERNALBLUE, which was leaked on the Web by the Shadow Brokers last year, was used by the attackers — and also hit out at those who asked about the US Government's Vulnerability Exposure Policy. "There was the usual blame-the-NSA VEP nonsense which he (Bossert) pushed back on strongly and (imho) correctly," Aitel wrote.

The VEP appears to be a sensitive topic with Aitel; his company follows a policy of buying exploit information from others and then using it to protect his own customers against those exploits. The companies whose products are vulnerable are never told about the flaws.

The NSA has been criticised for crafting exploits for flaws that it has never disclosed to companies. Aitel, it must be mentioned here, is a former NSA employee.

Aitel also implicitly criticised iTWire for saying he had egg on his face, pointing out, "A more balanced approach was taken by TechBeacon taking into account Brian Kreb's article." This is the same Krebs who quietly pulled an article in which he had claimed a Russian link to the Shadow Brokers leak, publishing a note about it at the end of another article and disabling comments on that piece. Well-known blogger Marcy Wheeler has questioned whether Krebs had some kind of agenda in writing this article.

When Krebs was asked about it in the comments on his next article, personal slurs suddenly started appearing under fake names.

[Image: Krebs comment one]

The comment below appeared after Krebs had been contacted by email — his contact email is not on the home page of his site, but buried in a long, laudatory spiel about himself — and provided the correct address for my personal blog. To call it childish and puerile would be dignifying it.

[Image: Krebs comment two]

Aitel also took up cudgels for Kaspersky Lab, a Russian security firm whose products have been banned from use in the US public service. "We resolutely torture people and companies accused of hacking based on essentially tea-leaf reading from law enforcement (on one hand) or our intelligence organisations (in the case of nation state attribution). Kaspersky, of course, is one of those," he wrote.

But a few months back, Aitel was on a different track (listen from 34:00 onwards): "Kaspersky is an intelligence asset of the Russian Government and I'm amazed that we haven't seen action yet from the Australians, and the Germans and the Brits to do exactly what the US did – which is basically ban it. I mean, at the point when Best Buy pulls your product off the shelves, I mean someone at Best Buy got a message and a briefing from a US Government official that said, 'this has to go'.

"Listening to Kaspersky, he understands clearly what the Americans are saying about his product and he's pretending that he doesn't. On the other hand, he has 300 million reasons a year not to deal with the behaviour that they are accusing him of. He probably thought he'd never get caught.

"It's hard to believe what he is saying on Twitter and his interviews... I don't see any possibility that Kaspersky A-V is not a signals intelligence tool."

Ironically, these comments were made on a marketing podcast put out by Patrick Gray, an Australian who once used the methods of Fox News — "some people are saying" — to accuse Aitel of unethical practices.

Gray's podcast lists the week's security stories (all compiled from other sources) and rubs businesses the right way; when people criticise him, he blocks them from his Twitter feed.

[Image: Patrick Gray Twitter block]

If anything, this whole merry-go-round illustrates one thing: in infosec, as in life, all is not as it seems.



Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
