World

Nothing Burger? How CrowdStrike's Meteoric Rise Was Triggered by Fake "Russia-Hacked-DNC" Story

Hedge funds have never been this bullish on CrowdStrike (CRWD), finance bloggers signalled in mid-March as the cyber firm continued to gain momentum ahead of the 2020 elections. Ex-CIA analyst Larry Johnson, investigative journalist George Eliason and Wall Street analyst Charles Ortel explain the DNC contractor's market bonanza.
Sputnik

While US benchmarks are plummeting despite the Federal Reserve's emergency coronavirus measures, CrowdStrike Holdings Inc. shares did perfectly well last week, surpassing Wall Street's estimates.

“CrowdStrike delivered a record-setting fourth quarter to conclude an exceptional fiscal year", the cyber-security firm's co-founder George Kurtz said on 19 March, stressing that the coronavirus pandemic had not only fallen short of hitting the company but had given it a further boost. "In times of crisis, adversaries will try to exploit the situation to prey on the public’s fear and escalate new attacks."

This March, CrowdStrike was also named a “leader” in enterprise detection in the Forrester Wave report and lauded as a best 2020 workplace in technology by Fortune magazine. Last year, the company's stock nearly doubled in value after it went public on the Nasdaq in June 2019.

Oddities in CrowdStrike's DNC 'Hack' Story

One might wonder as to what is behind the firm's meteoric rise. According to Larry Johnson, a former CIA analyst and member of Veteran Intelligence Professionals for Sanity (VIPS), it was the "Russian interference" story spun by the Democratic Party in 2016 that made the company famous and "boosted its value when it came time to take the company public".

For those who missed it, CrowdStrike is the DNC contractor that "detected" and "attributed" the alleged hack of the committee's servers to Russia during the 2016 election cycle. The company claimed that the perpetrators behind the supposed breach were "two Russian espionage groups", Cozy Bear (APT29) and Fancy Bear (APT28), suggesting with a "low" to "medium"-level of confidence that they may be affiliated with Russia's Federal Security Service (FSB) and Main Intelligence Department (GRU), respectively. Moscow summarily denied the claim as absurd.

In his latest op-ed, the CIA veteran outlines at least 11 "contradictions, inconsistencies or oddities" in the public narrative regarding CrowdStrike's role in 'discovering' the alleged Russian intrusion.  As Johnson points out, there is no "hard evidence" explaining:

·         how the purported hackers got in the DNC system;

·         what files exactly they obtained;

·         whether the reported breach could be attributed to Russian-speaking key punchers, let alone the state's intelligence agencies, given that the "intrusion tools" singled out by CrowdStrike are widely used in the public domain.

Additionally, Johnson raises the question as to how 30,000+ DNC files found their way to WikiLeaks between 22 and 25 May 2016 (judging from their metadata) despite CrowdStrike having installed its protection software Falcon on the DNC servers on 1 May or 6 May, according to the company’s own account, as cited by the press.

On 14 June 2016, the Washington Post asserted that "the hackers stole two files", citing CrowdStrike Services President and CSO Shawn Henry, which was not true given the scale of WikiLeaks' exposure, the CIA veteran highlights.

He considers it similarly inexplicable why the cyber firm decided to disconnect the compromised server only on 10 June 2016 in order to prevent further breaches.

Given all of the above, one might suggest that either "the CrowdStrike story about the DNC hack is a fabrication", which is Johnson's belief, or that the company is not worth its salt.

According to Veteran Intelligence Professionals for Sanity (VIPS), a group of former US intelligence officers working within the CIA, the FBI and the NSA, there had been no hack at all: the alleged intrusion had all the hallmarks of an inside job.

However, the US Federal Bureau of Investigations (FBI) continues to rely on CrowdStrike's narrative though the bureau has never physically examined the DNC servers being provided with their "digital copies" instead.

Nothing Burger? How CrowdStrike's Meteoric Rise Was Triggered by Fake "Russia-Hacked-DNC" Story

CrowdStrike's Fame & Value are 'Purely Political' 

American investigative journalist George Eliason, who has written a series of blog posts about the alleged DNC hack, is also sceptical about CrowdStrike's skills and ability to attribute cyber-ops to state and non-state actors.

"My take on CrowdStrike is for all the fame the DNC hacks and Sony hacks gave them, they won’t stand behind an attribution," Eliason says. "A couple examples of this starts with CrowdStrike co-founder Dmitriy Alperovitch boldly saying in 2017 that proof of his attribution to Russia was the Ukrainian artillery hack, which never happened. The app coder denies it was possible. And the particular tool Alperovitch was ascribing didn’t have that capability."

On 22 December 2016, CrowdStrike announced that it had found evidence about the "Russian" group Fancy Bear hacking a Ukrainian artillery app which led to heavy losses of howitzers in Kiev's war against Ukraine's break-away eastern republics. However, the claims about the combat losses and hacking were resolutely shredded by the Ukrainian Defence Ministry, while the UK-based International Institute for Strategic Studies (IISS) later explained that the cyber firm "erroneously used IISS data as proof of the intrusion".

"The second example is the North Korean attribution for the Sony hack", Eliason notes. "It was even weaker than the Ukrainian artillery attribution."

Apart from "tracing" the supposes DNC hack to Russia, the tech firm is also famous for uncovering supposed evidence "implicating" the government of North Korea in the hacking of Sony Pictures in November 2014.

The investigative journalist deems that the version of Dr. Mary Aiken, the world’s premier cyber-psychologist, that the Sony hack was most likely committed by a disgruntled employee trying to get revenge on Sony’s Amy Paschal, seems far more plausible. Still, the question as to who really hacked the Sony Pictures remains open, as The Hollywood Reporter noted last November.

CrowdStrike’s value is "purely political", Eliason sums up. According to him, the company has considerably benefited from hiring Shawn Henry, who used to serve as the executive assistant to former FBI Director Robert Mueller, the one who later supervised the "Trump-Russia" probe.

"It’s strictly politics and agency level nepotism which landed CrowdStrike the objectives they seem to be fond of missing", the journalist suggests. "Shawn Henry’s tenure under Mueller gave the company a leg up as well as an air of official credibility and official cooperation."

CrowdStrike's Anti-Russia Stance as a Market Driver

So, given the controversy surrounding CrowdStrike, the question arises as to why on Earth the company's stocks are rallying.

"If we look at this from a socio-political perspective, most of the support is because of Alperovitch and Crowdstrike are extremely hawkish toward Moscow and Beijing," Eliason presumes.

According to him, it is no coincidence that the cybersecurity firm was given a boost first by Google during the 2015/2016 election cycle and then by hedge funds funnelling money into the company's stocks during the 2019/2020 presidential campaign.

"In 2020, the conclusions CrowdStrike purported to be true about the 2016 election cycle is the vehicle these people bank on to move US foreign policy to an even harsher stance toward Russia," the investigative journalist notes. "The security industry sees it as a rising tide lifts all boats situation. Their futures are dependent on CrowdStrike succeeding with the 'Russia & Putin did it' story. The defence lobby and manufacturers see it the same way."

For his part, Wall Street analyst and investor Charles Ortel deems it is not the cyber firm's market gains which is particularly astonishing but the fact that "the FBI might still rely upon CrowdStrike, as they did during the 2016 election cycle, instead of relying upon their robust internal capabilities."

"Firms like CrowdStrike, used by unscrupulous clients, can conceivably engage in questionable practices, potentially influencing elections", he warns. "And who will regulate firms such as CrowdStrike? It is clear that Congress and the Senate are too easily influenced by the wealthy donor class as well."
Discuss