White House Says Iraq Has WMD Russia Created Cyberattack


White House Says Iraq Has WMD Russia Created Cyberattack

Late last night the White House accused the Russian military of having launched the destructive “NotPetya” malware which in June 2017 hit many global companies:

Statement from the Press Secretary

In June 2017, the Russian military launched the most destructive and costly cyber-attack in history.

The attack, dubbed “NotPetya,” quickly spread worldwide, causing billions of dollars in damage across Europe, Asia, and the Americas. It was part of the Kremlin’s ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict. This was also a reckless and indiscriminate cyber-attack that will be met with international consequences.

The statement has the same quality as earlier statements about Spain sinking the Maine or about Saddam’s Weapons of Mass Destruction had.


There is, in general, no attribution possible for any such cyber attack. As John McAfee, founder of an anti-virus firm, said:

“When the FBI or when any other agency says the Russians did it or the Chinese did something or the Iranians did something – that’s a fallacy,” said McAfee. 

Any hacker capable of breaking into something is extraordinarily capable of hiding their tracks. If I were the Chinese and I wanted to make it look like the Russians did it I would use Russian language within the code. “I would use Russian techniques of breaking into organisations so there is simply no way to assign a source for any attack – this is a fallacy.” 

I can promise you – if it looks like the Russians did it, then I can guarantee you it was not the Russians.”

I agree with McAfee’s statement. The CIA must likewise agree. Wikileaks has released a number of CIA cyber tools it had obtained. These included software specifically designed to create false attributions:

The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation.

With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.

Nearly all “attributes” used for attributing a cyber attack can be easily faked to accuse a party not involved in the attack.

The British National Cyber Security Center, part of the British computer spying organisation GCHQ, also claims that the Russian military is almost certainly responsible for the NotPetya attack. Canada and the Australians also chipped in.

But note – these are NOT independent sources. They are, together with New Zealand, part of the of the “Five Eyes” spying alliance. From NSA files released by Edward Snowden we know that the Five Eyes are practically led by the U.S. National Security Agency:

One internal document quotes the head of the NSA, Lieutenant General Keith Alexander, on a visit to Menwith Hill in June 2008, asking: “Why can’t we collect all the signals all the time? Sounds like a good summer project for Menwith.”

Menwith Hill is a Royal Airforce spying station and part of the GCHQ infrastructure. That the head of the NSA can assign “summer projects” to it shows were the real power lies.

The Russian government strongly rejects the accusations.

NotPetya was a destructive virus that masked as ransomware. It was based on attacking tools which originally had been developed by the NSA but were later published. One of several attack vectors NotPetya used was some tax accounting software which is common in Ukraine and Russia. But the attack soon spread globally:

The attack hit Ukraine central bank, government computers, airports, the Kiev metro, the state power distributor Ukrenergo, Chernobyl’s radiation monitoring system, and other machines in the country. It also affected Russian oil giant Rosneft, DLA Piper law firm, U.S. biopharmaceutical giant Merck, British advertiser WPP, and Danish shipping and energy company Maersk, among others.

The biggest damaged through NotPetya occurred at the Danish shipping company Maerskwhich had to completely reboot its entire infrastructure and lost some $250-300 million due to the attack.

The question one must always ask when such accusations are made is why would the accused do this?

In January the U.S. attribution claims about the NotPetya malware were prelaunched through the Washington Post:

The CIA has attributed to Russian military hackers a cyberattack that crippled computers in Ukraine last year, an effort to disrupt that country’s financial system amid its ongoing war with separatists loyal to the Kremlin.

The GRU military spy agency created NotPetya, the CIA concluded with “high confidence” in November, according to classified reports cited by U.S. intelligence officials.

The hackers worked for the military spy service’s GTsST, or Main Center for Special Technology, the CIA reported. That unit is highly involved in the GRU’s cyberattack program, including the enabling of influence operations.

What could have been the motive of the “Russian military” to release a (badly written) malware that destroys computer-files of random companies all over the world including the at the all important Russian oil-giant Rosneft. To assume that Ukraine’s financial system was the target is almost certainly wrong.

Only some 50% of the affected companies were in Ukraine. Most of them were not financial firms. The attack was initiated through an update mechanism of an accounting software that is also used in Russia. That original attack vector was probably chosen simply because it was easy to use. The first infected computers then applied a different mechanism to spread the malware to other machines. The attack was launched on a Ukrainian national holiday which is not optimal if one wants to spread it as wide throughout the Ukraine as possible.

That the Ukraine and Russia were hit first by the malware was also likely just a time-of-day question. The timeline shows that the U.S. and most of western-Europe were still asleep when the virus started to proliferate. The anti-virus organizations, the Russian company Kaspersky among them, took only a few hours to diagnose the attacking software. A solution to prevent further damage was found within some twelve hours. By the time the U.S. working day started anti-virus companies were already releasing advise and protective code against it. If the attack had not been stopped by protective software it would have effected many more computers. Most of these would not have been in the Ukraine.

The U.S. attribution of the NotPetya attack to some Russian organization is extremely doubtful. In general a certain attribution of any such cyber attack is impossible. It is easy for any sophisticated virus writer to modify the code so that it looks as if it was written by some third party. The CIA even developed tools that do exactly that.

The attacking software seemed to be of relatively low quality. It was a badly designed mishmash created from earlier known malware and tools. It was not confined to a certain country or target. It can be best described as an act of random vandalism on a global scale. There is no discernible motive for any Russian state organizations to release such nonsense.

In 2009 Russia offered an international treaty to prohibit cyber attacks. It was the U.S. under Obama which rejected it as “unnecessary” while it was expanding its own attack capabilities.

The U.S. government has launched a Cold War 2.0 against Russia. The motive for that seems to be mostly monetary. Hunting a few ‘terrorists’ does not justify big military budgets, opposing a nuclear power does.

The now released accusations against Russia have as much foundation in reality as the claims of alleged Iraqi WMDs. We can only hope that these new accusations will have less severe consequences.


Source Article from http://feedproxy.google.com/~r/blacklistednews/hKxa/~3/BzTVpx9q_oc/white-house-says%C2%A0iraq-has-wmd%C2%A0russia-created.html

Views: 0

You can leave a response, or trackback from your own site.

Leave a Reply

Powered by WordPress | Designed by: Premium WordPress Themes | Thanks to Themes Gallery, Bromoney and Wordpress Themes