04/07/17 – Jeffrey Carr on the pushback against CrowdStrike’s claims of Russian election hacking – The Scott Horton Show

Apr 7, 2017 | Interviews

Jeffrey Carr, an international cybersecurity consultant, discusses the low evidentiary standard the US government and media have used to make very serious accusations about Russian hacking of Ukrainian military software and, by extension, the DNC emails. Carr says that CrowdStrike’s cybersecurity report – the basis for all these accusations – is the worst he has ever read.


All right, y'all, Scott Horton Show. Check out the archives at ScottHorton.org, 4,000-something interviews now, going back to 2003 for you there, and all the latest stuff gets posted first at the Libertarian Institute, LibertarianInstitute.org. Scott Horton Show. Follow me on Twitter @ScottHortonShow.
All right, introducing Jeffrey Carr. He is a computer security expert and he is the founder of the Suits and Spooks security conference that they do semi-regularly here.
The next one is coming up in Los Angeles at the end of November, at the big auto show there, the Suits and Spooks conference. Welcome back to the show.
How are you doing, Jeff?
I'm doing well.
Thank you.
Okay, good, good. Listen, I appreciate you joining us today.
I won't take up too much of your time, but I was just thinking probably now is a good time to rehash just a little bit of what you think the average Joe Scott Horton Show listener needs to know about what we do know and don't know about Russian hacking and interference in our election here.
It's already April. We've had a hell of a lot of narrative and not too many facts, and I was just hoping you could help provide a little bit of necessary professional perspective for us here.
Thanks, and you know, it's really, nothing has changed from last December. The company, the primary driver for this, is a company that's called CrowdStrike.
They probably published the very worst piece of intelligence ever, that I've ever read in the history of cyber intelligence reports, on this Ukraine, this alleged hacking by the GRU of a Ukrainian military app. This was supposed to be the nail driven into the coffin of Russian government involvement in the DNC hack, but it turns out that they had all of their facts wrong.
They cannot, they are refusing to discuss it with the press anymore.
They are refusing to testify publicly before a congressional hearing. They have walked back their claim of a percent destruction of howitzer cannons on the part of Ukraine's military. The IISS has disavowed their data that was misused by CrowdStrike.
The developer of the app has consistently maintained that none of his users, none of the other soldiers, have been compromised by this malware.
I mean, it's just that it was so ridiculous. And now finally it's getting more coverage, by Voice of America and by, most recently, the Daily Mail, and hopefully it will continue to unravel.
So, and on that artillery story, once the Voice of America, of all people, once they did the investigation and debunked that, then CrowdStrike themselves walked it back and abandoned that particular set of claims about the artillery malware, correct?
Well, they only walked back the claim that 80% of the howitzers were impacted. Now they have since rewritten the report to say maybe 15 to 20 percent, and they use, you know, very fuzzy language even with that. But really the entire claim of these devices used by the Ukrainian artillerymen to help calculate their distance as being compromised is without any basis in fact at all. So this raises serious questions about whether you can believe anything that company reports on.
According to the Voice of America story, when they contacted the Ukrainian military, they said, well, we haven't had any malware, any compromise, any artillery pieces lost to anything like this. There's not even a kernel of truth to it, right?
That's right. Yeah, the Ukrainian government issued a statement, and, you know, it's not like there's no side effect. It's not as if there was no harm done by the publication of this false report by CrowdStrike. There was harm done. You know, it harmed the morale of the soldiers. It harmed the work of the Ukrainian military officer that wrote the app, because it questioned whether or not his app was reliable, you know, which means less people would have used it. Keep in mind, this is not a rich country. A lot of the soldiers are volunteers. A lot of them don't even use smartphones; they use tablets that have been given to them, you know, donated to them. A powerful, very wealthy US cybersecurity company needs to exercise even a smidgen of due diligence before publishing these kinds of reports that get international coverage, and journalists that cover them, right, they cover them sort of blindly, you know, they don't use a skeptical voice, and even when we now know that much of that report was false, if not all of it, the media that gave them coverage in the beginning is silent. Right.
So right now you characterize this as, it was supposed to be the nail in the coffin.
This was the cooperation.
This was what really proved what CrowdStrike had already said, that we have traced APT 28 and 29 (I learned that means aggressive persistent threat, not apartment. Thanks, Twitter), APT 28 and APT 29. Why, we just know that, though, that's the GRU, the Russian military, and that's the FSB, the Russian, the now-KGB, their CIA, security services. And so this artillery thing just escalated their confidence from high to ultimate or something like that. But so maybe they're still right about APT 28 and 29 regardless of this artillery piece story. What do you think of that?
Yeah, and so there's still, nothing has really changed from the original DNC story. So there's still no technical evidence, just like there wasn't last summer, which connects the GRU or the FSB to the malware that was used against the DNC.
There is zero technical evidence to support that. In fact, the finding of the US Intelligence Committee is more focused on the release of the stolen documents from WikiLeaks, and that is simply that this would be of interest, or this would be something that you would expect an intelligence service to do. And so they really, they resulted, you know, they looked at the full picture, and because this is what intelligence services do, meaning try to influence the outcome of an election. The US does it all the time.
So do other countries. So does Russia, of course.
So therefore, that's, I believe, why they came to the finding that they did, short of any classified knowledge, which no one has shared and which I have no way of knowing. But certainly there has never been any technical evidence to support that claim, and there continues not to be any technical evidence today. It doesn't mean that Russia didn't do it.
Of course, let's be clear about that. There's no way to say it was not the Russian government.
Right?
You can only say there's no evidence that connects the Russian government.
There's no technical evidence that connects Russian government to the hack of the DNC.
All right.
Well, okay, so Marcy Wheeler, who's good on everything, and she's so smart I can't understand a lot of the stuff she writes or keep up with it all.
But she seems to think, she's skeptical too, but she seems to think that, yeah, there's enough evidence, I think, to believe that apartment 28 is the GRU, going back to previous days, maybe previous years, that sort of people in this industry know that this really is the Russians. And I guess, and I can't keep it all straight, Jeffrey, between, you know, Guccifer 2 here and DC Leaks there and whatever, but they're saying, she was saying, I think, that there was real reason to believe that this was the Russians that were at least involved in one of the other hacks, I guess the DNC hack, and that it did seem to, and I'm not sure for all the different reasons, did seem to be the same people as this APT 28, and the APT 28 seems to be GRU from way back. Now to me, this could mean it's just turtles all the way down. I don't, you know, it sounds maybe like it's question-begging.
But then again, maybe there is some hard science that back in whatever year said that, no, we do know that this is the GRU, and now we can compare what they're doing then to what they're doing now, that kind of... Do, yeah.
Well, if that's the case, if anybody believes that they have evidence that connects the two, then they should present it, but so far nobody has. Marcy is a great... Marcy's great. I've talked to her many times. But I know for sure that she is not seeing any technical evidence that connects the two. Neither have I. Neither has anybody that I know, including the people who believe that it was Russia.
So it all comes down to a belief. It's just like believing in God, you know. Can you prove the existence of God?
No, does that mean he doesn't exist?
No.
Well, I guess what I'm asking is, how educated of a guess is it? You know what I mean?
Yeah, it doesn't really matter to me.
Yeah, okay, the problem here is that when it comes to making a claim, from what, between governments? Claims between people, you know, no harm done, right? No harm done unless the claim is like, you know, child abuse or animal abuse or something, we're setting a fire where people were injured. You know, like those claims, of course, yes, harm is done. But to say, oh, you know, my personal opinion is the Russian government did it, your opinion is they didn't, no harm done. It's just an argument. But when one government accuses another government of something like this, then harm can be done, because today cyber attacks are considered use of force. So there are real-world implications when there is a charge levied, right? And then when there are sanctions, economic sanctions, then innocent people get hurt. So we need to make sure, even though maybe they did, maybe they didn't, before one government accuses another government, and before there are real-world implications, real-world actions with causes and with harm, that the evidence, the level, the bar of evidence, right, has to be high. It can't just be, it feels like it was Russia, you know. In my opinion, that should not be sufficient. So I think that's what we want to do. We want to strive for higher quality of evidence when it comes to one government blaming another government.
Well, I think when we talked before, you emphasized that crackers, which is I guess the proper name for the people we're talking about here, these crackers, that this is part of the game. It always is, to frame up somebody else and to leave breadcrumbs that would disguise your crack as having been done by somebody else. First you stop in a server in Zimbabwe, then one in China, then one in Russia, and only then do you attack the Germans or whatever it is that you're up to, right?
Yeah, I personally don't use the word cracker. I just can't. I'm tagged, maybe I'm too old, I just can't bring myself to use the word. I was corrected recently, so you're saying that the proper... just everybody's a hacker now.
All right, it may be, yeah, I mean, it may be right. I just can't bring myself to, you...
You know what, an offended hacker emailed me, but I get it.
Yeah.
Hey, that's okay. You know what?
There's worse things to be offended by than being called a hacker versus a cracker.
So my view... Yeah, you definitely don't want to leave breadcrumbs that point back to you. That's just stupid. It's always been... it's like, you know, expecting the NSA, the NSA's TAO division that does their offensive work, that they would be working from their keyboard in Fort Meade, you know, or from their keyboard in Hawaii or wherever they happen to be, whatever NSA office they happen to be working out of, that they're just gonna use their desktop, laptop, and the server inside NSA headquarters to launch their attacks. Well, who does that, you know? Who is that stupid?
We certainly aren't, but yet we seem to think that the Russians are. And then on the other hand, they're extremely sophisticated.
So you can't have it both ways, you know. And there are hackers that are so stupid that they will launch attacks from their mom's, you know, home, in their little room in the basement, on their mattress, and their 400-pound self, like Donald Trump has suggested. Yeah, there are people that are that dumb, absolutely. But if you're talking about a foreign government's intelligence service, or the GRU, which frankly is, you know, not a bunch of dummies at all.
In fact, their Spetsnaz is their special operations team that come out of GRU. I would say anybody in the spec ops world knows that you don't around with Spetsnaz soldiers. And yet they expect their hackers to be idiots.
It's just, you know, it's ridiculous.
All right.
Now, I'm sorry.
I'm afraid I'm keeping you too long. I know you're kind of in a hurry, but let me just ask you real quick here. You've said before, I guess you said today, that it can be really hard to prove something like this. It may be impossible most of the time to prove after the fact, by going back and just doing detective work, to really find out where something like this occurred or who's behind this, because as we're talking about, how easy it is to frame up somebody else. Just put Iron Felix's name in there and everybody screams Russia, right?
But yeah, so on the other hand, though, I'm hearing from William Binney, who was a former, you know, I don't know what at NSA, but they say that he built the modern NSA infrastructure of global interception. He's the guy that the Nick Cage character's based on in the new Snowden movie. And Binney, he said, you know, he's been retired since '02 or something like that, but he says, look, there's just no question that if the GRU did this, never mind this kind of after-the-fact detective work, that if they did this, the NSA would be able to have seen them do it in real time, or at least would be able to trace what had happened over the internet, because they intercept it all. So never mind, you know, CrowdStrike digging through the metadata and whatever, that the NSA, they would be able to judge with high confidence the Russians did this, the Russians passed it to WikiLeaks, etc. And if they're not saying they judge that with high confidence, it's because they have no proof that that's true, but they should, and if they don't, then that's the dog that didn't bark.
Right, I was on an interview program with Binney and I agree. And he particularly applies that logic to WikiLeaks receiving the stolen files, because the WikiLeaks website is certainly monitored. Every which way in and out of that website is monitored. And so the NSA would have known conclusively who shared those files, and they don't seem to know.
So I agree with him.
There are certainly blank spots in the NSA's coverage around the world.
So in certain areas they have deeper and wider penetration than in others. North Korea, for example, they don't have very good insight. They've acknowledged that.
And, frankly, also, GRU works around the world.
So they don't only work in Russia or in official GRU offices. Their primary mission is human intelligence, you know, so that signals intelligence... So they operate covertly, just like CIA does, around the world. So, you don't know, even if the NSA were able to collect all of the communications, every moment that is transmitted around the world, they'd have two problems. One is mining it and trying to find the needle in a haystack of needles. And the other is, even if they collect it, how do they know who actually sent it?
That's still... who's driving the car is still a hard question. Even if you know everything else, identifying the driver behind the keyboard is still tough.
All right.
All right, before I let you go.
Is there any good question that I'm not smart enough to have known to ask you here?
We need to just keep... no, just, you know, the bottom line here is, nobody is saying... Keep in mind, nobody is saying, nobody can rule out that Russia didn't do it, right?
We can't rule that out. We just think what we want to strive to do, like I said earlier, is don't do harm with your guesswork. Don't make claims that are going to result in harm unless you have evidence to support it, and continue to be skeptical. And Scott, thanks so much, because you've been consistent, a person who has been striving for some objectivity and expressing skepticism on the information that the mainstream media continues to sort of spoon-feed everybody else.
Yep.
All right.
Well, thank you very much, Jeff.
I really appreciate your time on the show again.
All righty. Have a good one.
You too.
All right.
So that is Jeffrey Carr.
He is the founder of Suits and Spooks, and that's a big conference that they put on, a cyber security conference. The next one is coming up at the end of November at the big car show, the LA Auto Show in Los Angeles. Check out his writings at medium.com, and, well, just put him in Google, he's all over the place, including a recent article in the Miami Herald where they were also throwing cold water on this Democratic Party conspiracy theory.
All right, y'all, that's it.
Scott Horton Show. Check out the archives at ScottHorton.org/interviews, at LibertarianInstitute.org/ScottHortonShow, and follow me on Twitter @ScottHortonShow.
Thanks.
