Grizzly Misstep: Security Experts Call Russia Hacking Report “Poorly Done,” “Fatally Flawed”

James Comey
FILE - In this Sept. 27, 2016 file photo, FBI Director James Comey testifies on Capitol Hill in Washington. The longtime Hillary Clinton aide at the center of a renewed FBI email investigation testified under oath four months ago she never deleted old emails, despite promising in 2013 not to take sensitive files when she left the State Department. (AP Photo/Pablo Martinez Monsivais, File)
Pablo Martinez Monsivais—AP

On Thursday, the Department of Homeland Security and the FBI released a joint report about Russian cyberattacks, titled “Grizzly Steppe.” The report had been expected to lay out more details about intelligence agency’s claims that the Russian government was directly linked to hacks on the DNC and other organizations, but security experts have expressed broad disappointment with the report.

Jeffrey Carr, author of Inside Cyber Warfare, wrote on Friday that the report “adds nothing to the call for evidence that the Russian government was responsible” for the campaign hacks. Robert Lee, a former Air Force cyberwarfare officer and cybersecurity fellow at New America, argues that the report is of limited use to security professionals, in part because of poor organization and lack of crucial details.

Get Data Sheet, Fortune’s technology newsletter.

The report, Carr says, lists hacking groups previously suspected of Russian government ties, mostly identified by commercial security firms, “without providing any supporting evidence that such a connection exists.” That evidence may still remain classified, but Carr says that if so, it should be reviewed by an independent commission, because the White House targeting of Russia “is looking more and more like a domestic political operation run by the White House”.

Lee is much less skeptical of the White House, calling the accusations against the Russian government “a strong and accurate statement.” But he highlights extensive sloppy mistakes and limited practical data in the Grizzly Steppe report. A list of names used to identify hacking campaigns, such as APT28 and COZYBEAR, inexplicably mingles in the names of both malware tools and capabilities. Data intended to help network administrators block attacks is missing vital IP addresses and attack timelines.

Lee also says descriptions of the techniques of the groups profiled is “very generic,” and of little use for network defense. He concludes that Grizzly Steppe “seems like a very rushed report,” and speculates that any useful data was removed during the review and approval process.

For more on cybersecurity, watch our video.

The flaws of the Grizzly Steppe report could become grist for those skeptical of White House and security agencys’ claims of Russian hacking—most notably, President Elect Donald Trump. He and his supporters largely see the accusations against Russia as an attempt by President Obama and Democratic allies to discredit the incoming President.

But political anxiety over the lack of evidence is simmering elsewhere, too. Writing on Friday, left-wing commentator Matt Taibbi described the Grizzly Steppe report as “long on jargon but short on specifics,” and part of a broader pattern of government overstatement with “an element of salesmanship.”


Subscribe to Well Adjusted, our newsletter full of simple strategies to work smarter and live better, from the Fortune Well team. Sign up today.

Read More

Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward