Jeffrey Carr, author of Inside Cyber Warfare, wrote on Friday that the report “adds nothing to the call for evidence that the Russian government was responsible” for the campaign hacks. Robert Lee, a former Air Force cyberwarfare officer and cybersecurity fellow at New America, argues that the report is of limited use to security professionals, in part because of poor organization and lack of crucial details.
The report, Carr says, lists hacking groups previously suspected of Russian government ties, mostly identified by commercial security firms, “without providing any supporting evidence that such a connection exists.” That evidence may still remain classified, but Carr says that if so, it should be reviewed by an independent commission, because the White House targeting of Russia “is looking more and more like a domestic political operation run by the White House”.
Lee is much less skeptical of the White House, calling the accusations against the Russian government “a strong and accurate statement.” But he highlights extensive sloppy mistakes and limited practical data in the Grizzly Steppe report. A list of names used to identify hacking campaigns, such as APT28 and COZYBEAR, inexplicably mingles in the names of both malware tools and capabilities. Data intended to help network administrators block attacks is missing vital IP addresses and attack timelines.
Join the conversation as a VIP Member