Steve Ragan reports:
A hacker claiming responsibility for the DNC hack that made headlines earlier this week has slammed the security company responsible for the incident response, and leaked several documents compromised during the incident – including a 235-page opposition memo on Donald Trump.
On Tuesday, the Washington Post reported that hackers – believed to be Russian – compromised the Democratic National Committee network and walked off with opposition research on Republican presidential candidate Donald Trump.
[…]
The hacker claiming responsibility for the DNC attack (using the alias Guccifer 2.0) mocked CrowdStrike’s assessment that he was a sophisticated hacker group, noting that he was pleased the company “appreciated my skills so highly. But in fact, it was easy, very easy.”
Read more on CSO.
Half the problem with these sort of breaches is that the forensic company that is hired typically goes out on a limb and states something that is probably not true. Its a canned comment to make people feel at ease and hopefully they will forget about the problems related to the hack.
It’s unclear who exactly is behind this hack, but it sounds like the hacker is either playing head games with the forensic company that was hired, or he is simply speaking the truth and is not related to any agency.
The company that was hired to do the analysis on the hack can simply reword their canned speech at any time. Its the comapnies word against a hacker, and supposedly, the evil side is the hacker. But if the hacker can dump files and support their claim, then the egg is on the forensic company that clearly speaks with a forked tongue.
Should there be significant amount of emails and other documents that were on Clinton’s server, and they indeed are on wiki leaks in a short period of time, the timing could not be worse (better if your not a clinton supporter) than a short period of time before elections. This will be brought back to the front and center, and it may well force the hand of the government to do something about the issue since foreign nationals have these documents and the US supposedly does not.
Sure, it all has to be proven that these emails can be linked to clinton, and that they came from the clinton email server. Something tells me that its probably going to be very evident that the candidate has been lying all along. Time will tell.
I work in network security. Over the years in this field you learn a few things about a relationship between a customer and a forensic company. They aim to lessen the concerns about the breach, leak, hack or lost data. It sems like they are obligated to down play the situation even before the final report is released. I do not agree with this what so ever, and its a bad practice to take when something like this can be proven otherwise. Now instead of the hacker having some control on what would be released, now all of the data that was not released is smeared all over the internet. Nice going. The forensic company simply offers a “thats my story and I am sticking to it”, even though they will probably be proven wrong. It’s tough to track such slippery tactics, but some one should. It’s deceptive to the clients and public, while the place that was hacked and the company that was paid are the winners and the information that was private, or classified is now out in the open.
Crazy strategy that backfired big time.