“At every level this report is a failure,” says security researcher Robert M. Lee. “It didn’t do what it set out to do, and it didn’t provide useful data. They’re handing out bad information to the industry when good information exists.” At issue is the “Joint Analyses Report” released by DHS last Thursday as part of the Obama administration’s long-awaited response to Russia’s election hacking. The 13-page document was widely expected to lay out the government’s evidence that Russia was behind the intrusions into the Democratic National Committee’s private network, and a separate attack that exposed years of the private email belonging to Hillary Clinton campaign chair John Podesta.
Instead, the report is a gumbo of earnest security advice mixed with random information from a broad range of hacking activity. One piece of well-known malware used by criminal hackers, the PAS webshell, is singled out for special attention, while the sophisticated Russian “SeaDuke” code used in the DNC hack barely rates a mention. A full page of the report is dedicated to listing names that computer security companies have assigned to Russian malware and hacking groups over the years, information that nobody is asking for.
Rather than focusing on the Russian intelligence services, the U.S. seemingly opted to gather all Russia-sourced hacking under a single rubric, code named “Grizzly Steppe,” putting everything from online bank heists to identity theft in the same bucket as the Kremlin-linked intrusions into the White House, State Department, and the DNC.
Though the written report is confusing, it’s the raw data released along with it that truly exasperates security professionals.
Join the conversation as a VIP Member