Dan Wright and Joanne Leon of Shadowproof interview [shadowproof.com] cybersecurity expert Jeffrey Carr about Crowdstrike’s controversial claims on successfully identifying Russia as the actor that hacked the Democratic National Committee:
The evidence has always been thin despite U.S. intelligence agencies ultimately supporting the claim.
Carr discusses Crowdstrike’s history of bad calls, including having to recently rewrite a report on alleged Russian hacking in Ukraine. The Ukrainian government as well as other cybersecurity experts heavily disputed Crowdstrikes initial claims.
Carr also offers a broader view of the cybersecurity industry and why firms like Crowdstrike are incentivized to often make specious claims concerning attribution of a hack. For firms like Crowdstrike, there’s no financial downside in pretending to be able to attribute a hack as the nature of cyber makes it hard to prove or disprove an attribution. Additionally, each report serves as marketing material for future clients.