Security Market Segment LS
Friday, 31 May 2019 09:31

Immunity's Aitel accused of conflict of interest by security expert

By
Immunity's Aitel accused of conflict of interest by security expert Image by Gerd Altmann from Pixabay

The row between information security professionals and The New York Times, over an article it ran recently, claiming that a ransomware attack on local government offices in Baltimore, Maryland, was carried out through the use of a leaked NSA exploit known as EternalBlue, has moved in a different direction, with some of the infosec people themselves coming under attack – from their peers.

One of the people who attacked the NYT was former NSA hacker Dave Aitel, who runs a security company known as Immunity that was acquired by Cyxtera Technologies in January. Aitel said that the ransomware involved in the Baltimore attack was a strain known as RobinHood that had nothing to do with EternalBlue.

He had several other criticisms, too, all of which can be read here, including a very personal attack on the two journalists who wrote the story.

"Recently a misleading and terribly researched article by Nicole Perlroth and Shane Scott came out in the NYT which essentially blamed the NSA and EternalBlue for various ransomware attacks on American city governments, including Baltimore. This then ballooned to PBS and the BBC and a bunch of other places, all of which parroted its nonsense," Aitel wrote.

Aitel has now come under attack from security industry pioneer Chad Loder, the founder and chief executive of Haibut8, a security awareness training firm.

In a tweet, Loder told Aitel that if he was going to criticise a journalist for hype, then he should first disclose his own conflicts of interest.

"You own a company in the exploit market that @nicoleperlroth has been asking hard questions about," Loder added.

Aitel's firm, Immunity, has a business model of discovering or buying exploits and then using that knowledge to protect his own customers. The exploits are never revealed to the companies whose software is affected, something that mirrors the practice of the NSA.

Loder added in another tweet: "I’m not suggesting that private exploits are bad, nor that their markets or market participants are bad. Only this: clear conflicts of interest should be disclosed up front, especially if you are claiming hype. Otherwise, folks read what we write and take it at face value."

To which well-known British security researcher Kevin Beaumont replied: "I mean if Dave is doing line by line analysis of inaccurate reporting on his blog, he might like to look at his blog post about MalwareTech creating WannaCry."

What Beaumont referred to was covered by iTWire: Aitel had alleged that British security researcher Marcus Hutchins has a role in creating the WannaCry ransomware and then later indirectly recanted his claim after the US Government stated that North Korea was behind the malware.

iTWire contacted Aitel for comment, but he did not respond. However, this morning he put out a tweet that appeared to be relevant, stating: "The reason I respond to the issues around export control and exploits is because they speak to our fundamental rights, not because I have skin in the game, which I do not."

Meanwhile, Perlroth, who wrote a long Twitter thread defending the article she had authored along with Shane Scott, did not do her own reputation much good by lifting three paragraphs from an iTWire article and tweeting them (shown below) without any attribution.

These were quotes from ex-NSA hacker Jake Williams, a frequent commentator in these columns, and appeared to buttress the claims that Perlroth had made in the NYT article.

iTWire contacted Perlroth asking why she had lifted material and not attributed it to the source, but she did not respond.

Update, 2 June: Perlroth contacted the writer on Twitter and put out a tweet on 1 June, attributing the material to this writer, but neglected to mention the source – this article.

After this was pointed out, Perlroth later finally linked to the source.

BUSINESS WORKS BETTER WITH WINDOWS 1O. MAKE THE SHIFT

You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer

Timezones

QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.

REGISTER!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments