The cyber firm Crowdstrike has been one of the main proponents of allegations that Russia interfered in the 2016 American presidential elections using their cyber capabilities. The analysis performed by Crowdstrike was relied on almost exclusively by the Democratic National Committee (DNC) to establish their claims of “Russian hacking.”
It has subsequently been revealed that Crowdstrike has in the past both misrepresented data in an attempt to frame the Russian government for cyber attacks and also failed to account for known capabilities of third parties which enable them to impersonate Russian hackers. The founder of Crowdstrike is also tied to the Atlantic Council, a think tank supported by George Soros which has been accused of accepting funds in exchange for support of favored policy positions as well as promoting disinformation and propaganda attacks against anti-establishment figures.
I. Crowdstrike’s Claims Of Russian Hacking Cannot Be Independently Verified By Government Agencies, Ignore Known Attribution Techniques
On June 14, 2016, Crowdstrike published a study commissioned by the DNC, in which they accused the Russian government of breaching the DNC’s computer systems. The DNC’s choice to rely on Crowdstrike exclusively was incredibly controversial. CNN reported that the DNC actually refused to grant the FBI access to their servers despite the agency’s explicitly stating that they could conduct a satisfactory investigation if they were forced to rely on third-party data. The report by Crowdstrike stood as one of the first definitive authorities which has found evidence of Russian cyber infiltration or electronic meddling in the 2016 elections. Rather than confirm the notion that Russia interfered in American elections, a number of other developments since Crowdstrike’s report have cast increasing doubt on their claims and in fact have suggested that they may be part of a widespread attempt to push disinformation for financial gain and benefit to the group’s clients and affiliates.
Alarming indicators that Crowdstrike may have been promoting the idea of “Russian hacking” out of ulterior motives began to emerge almost immediately after their report was released. On July 28th, 2016, The Washington Post reported that Crowdstrike was one of a number of cyber security firms making a large profit thanks to widespread fears about Russian hackers. Beyond running a report which would satisfy the DNC, the drumming up of fear about Russian cyber menaces created a blatant potential conflict of interest for Crowdstrike.
Crowdstrike’s analysis also ignored known capabilities, since publicized by Wikileaks in their Day Zero and Marble releases from the Vault 7 series, which have proven the existence of cyber capabilities that allow programmers to mask the identity of their malware and masquerade it as belonging to foreign intelligence agencies and mimic their online attack methods. They have also shown that many programmers have the ability to create an appearance of ‘false attribution’ which gives the impression that the malware was created by another country, even mimicking the native language of the host country they intend to attribute the attack to.
II. Crowdstrike Has Misrepresented Data In Order To Push Anti-Russian Narratives
On December 22nd, 2016, Crowdstrike ran another report, alleging that Russians hacked into a Ukrainian artillery app, resulting in heavy losses of howitzers in Ukraine’s civil war with Russian-backed separatists. The report was intended to buttress its claims of Russian hacking in the presidential election. The report was immediately contested by Yaroslav Sherstyuk, maker of the Ukrainian military app in question, who called the company’s report “delusional.” On March 23rd, 2017, Voice of America (VOA) ran a damning piece citing British think tank the International Institute for Strategic Studies (IISS), who stated that CrowdStrike erroneously used IISS data as proof of the intrusion. Furthermore, the IISS disavowed any connection to the CrowdStrike report. The Ukrainian Ministry of Defense also claimed that the combat losses and hacking never happened, meaning that Crowdstrike had apparently fabricated facts and details in the report completely.
Crowdstrike told VOA that they stood by their findings. But the next day VOA noted that Crowdstrike had altered their report, deleting key assertions they had made in the report about Ukrainian army losses, claims that a malware infection contributed to artillery losses and a link to IISS data which they had cited. The humiliating redactions apparently came after Crowdstrike had spoken with an IISS research associate for defense and military analysis. The apparent misrepresentation of data which had been intended to support Crowdstrike’s claims of Russian hacking creates serious questions about the merits of their claims that Russia was behind alleged hacks of the DNC’s computer systems earlier that year.
III. Crowdstrike Has Ties To The Soros-Supported Atlantic Council
Further investigation has revealed that Crowdstrike has deep ties to a think tank which has a history of pay-to-play practices and a track record of seeking to foment confrontation between the United States and Russia. Crowdstrike founder Dmitri Alperovitch acts as a Senior Fellow for the Atlantic Council. In February, Disobedient Media reported that the Atlantic Council has a troubling history of taking money from foreign special interest groups and government agencies in return for pushing propaganda to support various initiatives around the globe. The New York Times has named the Atlantic Council along with the Brookings Institution and the Center for Strategic and International Studies as being think tanks which have made undisclosed “agreements” with foreign governments. The article denounced the Atlantic Council for having “opened a whole new window into an aspect of the influence-buying in Washington that has not previously been exposed.”
In May 2016, a report by the Associated Press identified the Atlantic Council as one of a number of think tanks which had received funding from the Ploughshares Fund, which was a major player in efforts to sell the Iranian nuclear deal to the American public. The Ploughshares Fund is financed by George Soros’ Open Society Foundation. The Atlantic Council consistently promotes hostile, anti-Russian rhetoric. The organization has also promoted unsourced and unfounded claims that Russia was responsible for “hacking” the 2016 U.S. presidential elections despite the fact that this conspiracy theory has been resoundingly debunked by various authorities in the intelligence community and by multiple media sources. The Atlantic Council, unfazed by the evidence that their claims of hacking were false, have continued to promote these falsehoods in the aftermath of the election in what appeared to be a possible effort to undermine American democratic institutions.
The tight relationship between Crowdstrike and a think tank which also has a long track record of promoting unproven claims about Russian hacking, their failure to account for false attribution techniques commonly used by programmers to frame other countries for hacking attacks and their history of making factually untrue and misleading claims about Russian hacking create concerns about their ability to objectively report on whether or not the DNC’s servers were breached by a foreign actor during the 2016 elections. Their association with the DNC comes at a time when the party has been attempting to craft a narrative of alleged Russian hacking to support their election bids in the upcoming 2018 U.S. midterm elections and delegitimize the victories of their political opponents in 2016.
The Atlantic Council’s past relationship with George Soros is also problematic given that Soros has deep financial ties to groups organizing resistance movements as part of an attempt to enact regime change in the United States. As former CIA Director Michael Morell, James Clapper and the Office of the Director of National Intelligence have all clearly stated that there is not, nor has there ever been, any evidence that Russian hacking affected any election results in the 2016 U.S. Presidential Elections, the efforts of Crowdstrike to promote claims to the contrary raise serious questions about their research as well as the intentions of the DNC in preventing neutral federal regulatory agencies from examining their servers firsthand to verify the claims.