{"id":53323,"date":"2020-02-04T15:17:11","date_gmt":"2020-02-04T04:17:11","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=53323"},"modified":"2020-02-04T15:17:11","modified_gmt":"2020-02-04T04:17:11","slug":"hacking-the-headlines-the-geopolitics-of-cybersecurity-marketing","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/hacking-the-headlines-the-geopolitics-of-cybersecurity-marketing\/","title":{"rendered":"Hacking the headlines: the geopolitics of cybersecurity marketing"},"content":{"rendered":"

The intersection of geopolitics and cybersecurity can make for an irresistible headline. For the media, it\u2019s a great story; for political players, it\u2019s a talking point they can use to appeal to their base or to browbeat their opponents with; and for cybersecurity companies, it can be an unbeatable opportunity to raise their profile and market their services.<\/p>\n

That can, however, encourage some of the individuals and institutions that bring allegations of hacking and espionage to light to make the biggest, most explosive claims possible. Sometimes accuracy, nuance or reasonable doubt go under the bus.<\/p>\n

Two very high-profile hacking allegations with serious geopolitical implications have been made in recent weeks, but close inspection shows them to be based on thin and inconclusive evidence from private cybersecurity companies.<\/p>\n

The first case involves a subsidiary of Burisma, the Ukrainian gas company which became embroiled in Donald Trump\u2019s impeachment trial. \u2018Russians hacked Ukrainian gas company at center of impeachment<\/a>\u2019, was the New York Times<\/em>\u2019 headline on 13 January. \u2018Russians breached Burisma during Trump impeachment probe<\/a>\u2019, proclaimed the Wall Street Journal<\/em>, while Fox went with \u2018Russians hacked Burisma, Ukrainian company that hired Hunter Biden: Researchers<\/a>\u2019.<\/p>\n

The researchers the Fox headline refers to were from Area 1 Security, a cybersecurity company that provides phishing detection and prevention services to private-sector and political organisations. Area 1\u2019s CEO, Oren Falkowitz, told the Associated Press and Time<\/em> magazine that his company\u2019s findings were \u2018incontrovertible<\/a>\u2019.<\/p>\n

In fact, the story of a Russian hack on Burisma has proved to be very controvertible. There are two issues at play here. One is the way in which some media coverage has misinterpreted or exaggerated Area 1\u2019s findings. The second is the report<\/a> itself. It\u2019s eight pages long, but that includes one each for the title page, the end page and three screenshots. This short document provides inconclusive evidence that any successful hack of Burisma or its subsidiary took place, or that Russian state-linked actors were responsible.<\/p>\n

Despite the headlines decrying a Russian attack on Burisma itself, the report actually alleges that Russia\u2019s GRU was seeking to phish email credentials from a Burisma subsidiary, KUB-Gas LLC. Area 1\u2019s analysis is based on the fact that someone has registered lookalike domains for remote email login pages belonging to KUB-Gas and other Burisma subsidiaries. Area 1 asserts this was the GRU (Russia\u2019s military intelligence agency) based on past patterns of behaviour.<\/p>\n

So, this was a phishing attempt, not a hack; there\u2019s no indication it was successful; and evidence linking the phishing attempt to the GRU is highly circumstantial.<\/p>\n

Facebook\u2019s former head of security Alex Stamos wrote on Twitter<\/a>: \u2018This report tying GRU to a Burisma phishing attack is both literally and figuratively very thin. No details on what data they have other than a public phishing page. The absolute rhetorical certainty instead of standard language on confidence level are red flags.\u2019<\/p>\n

Stamos notes that large incident response and tech companies have earned the benefit of the doubt on attribution claims thanks to years of care and obvious access to huge datasets. \u2018This isn\u2019t one of those companies and this kind of report doesn\u2019t help [them] build that reputation\u2019, he says.<\/p>\n

Nonetheless, the notion that Russia hacked Burisma has become a political talking point\u2014including being cited in House Intelligence Committee chair Adam Schiff\u2019s opening argument<\/a> at the Senate impeachment hearings. That\u2019s happened despite the claim not being supported by Area 1\u2019s research. Relations among the US, Ukraine and Russia are already fraught; the Burisma hacking allegations can only add to this strain. The geopolitical narrative has taken on a life of its own without regard to the facts, or the lack of them.<\/p>\n

A similar story has been playing out in relation to the alleged hack of Amazon founder Jeff Bezos\u2019s phone by Saudi Arabia\u2019s Crown Prince Mohammed bin Salman. On 22 January, international headlines broke airing allegations that Bezos\u2019s phone had been hacked using malware sent in a WhatsApp message directly from bin Salman\u2019s own account.<\/p>\n

However, when the research underlying these claims was published a short time later, it again left more questions than answers.<\/p>\n

The allegations are based on a report<\/a> by FTI Consulting, a cybersecurity company hired by Bezos to analyse his phone after personal photographs were leaked to the media last year. FTI\u2019s analysts found no malware on the device.<\/p>\n

What they did find was that in early May 2018, Bezos\u2019s phone began transmitting an unusually large amount of data, shortly after a video file was sent from bin Salman\u2019s WhatsApp account, and continued to transmit a high volume of data for months thereafter. This is strange behaviour and warrants investigation, but it doesn\u2019t constitute solid proof that Bezos\u2019s phone was hacked at all, let alone that it was hacked by bin Salman\u2019s WhatsApp message. There\u2019s nothing to disprove the claim either, but that\u2019s no basis for launching such a serious allegation.<\/p>\n

One aspect of the report which has experts puzzled is the claim that WhatsApp\u2019s end-to-end encryption prevented FTI from decrypting the content of the downloader to inspect it for malicious code. The decryption keys should be stored on the device itself, so it\u2019s not clear what\u2014other than, perhaps, simple lack of expertise\u2014prevented FTI from doing so.<\/p>\n

Cybersecurity expert Rob Graham wrote on Twitter<\/a>: \u2018I see nothing here that suggests Bezos\u2019 phone was hacked. It contains much that says \u201canomalies we don\u2019t understand\u201d, but lack of explanations point to incomplete forensics, not malicious APT actors. It uses phrases like \u201cunauthorized exfiltration\u201d to mean \u201coutgoing data we can’t explain\u201d. This is bad for such a report, really bad.\u2019<\/p>\n

Again, despite the inconclusive evidence, all it took was the initial headline splash for the \u2018Saudi Arabia hacked Jeff Bezos\u2019 political narrative to take off. The geopolitical ramifications of the story were immediately apparent: the United Nations called for an investigation<\/a>, a mass information operation<\/a> on social media demanded a Saudi boycott of Amazon, public denials were issued by Saudi officials<\/a> and bin Salman himself<\/a>, and equally public questions were raised over the White House\u2019s silence<\/a>. The impact of the allegations is likely to reverberate for some time.<\/p>\n

There are two lessons from all of this. The first is that journalists and media organisations should be asking much tougher questions whenever a cybersecurity company tries to shop them a story that sounds a little too cinematic to be true. They also need to resist the urge to write a splashy but misleading headline. If the research doesn\u2019t prove that a hack actually happened, as in both of these cases, the headline shouldn\u2019t assert that it did.<\/p>\n

The second is that cybersecurity companies need to act responsibly when publishing research, particularly research that\u2019s likely to have very real geopolitical consequences. The publicity involved in making an explosive, but poorly supported, allegation is not worth either the potential blowback from making incorrect claims about the activities of nation-states or political figures, or the long-term erosion of their reputations in the cybersecurity field.<\/p>\n","protected":false},"excerpt":{"rendered":"

The intersection of geopolitics and cybersecurity can make for an irresistible headline. For the media, it\u2019s a great story; for political players, it\u2019s a talking point they can use to appeal to their base or …<\/p>\n","protected":false},"author":899,"featured_media":53328,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[2138,728,730],"class_list":["post-53323","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-cybersecurity","tag-hacking","tag-media"],"acf":[],"yoast_head_json":{"title":"Hacking the headlines: the geopolitics of cybersecurity marketing | The Strategist","canonical":"https:\/\/www.aspistrategist.ru\/hacking-the-headlines-the-geopolitics-of-cybersecurity-marketing\/","og_site_name":"The Strategist","article_published_time":"2020-02-04T04:17:11+00:00","author":"Elise Thomas","twitter_misc":{"Written by":"Elise Thomas","Est. reading time":"6 minutes"}}}