Thursday, June 16, 2016

Perhaps CrowdStrike : Guccifer 2.0 :: FBI : Sabu

Less than five years ago, when Shawn Henry headed cybercrime investigations for the FBI, he oversaw multiple cases involving an informant known as Sabu.

Numerous hacktivists (such as Jeremy Hammond) offered their assistance to Sabu because they assumed that his AntiSec movement worked in opposition to the FBI and the surveillance state.

Where did they get that idea? It may have had something to do with a weekly AntiSec event that took social media by storm: the #FuckFBIFriday campaign (a COINTELPRO operation that was in fact monitored by the FBI).

Many of Sabu's hacktivist accomplices failed to learn (until it was too late) that he was working for the FBI even as he whipped up hacktivist enthusiasm against the surveillance state.

As journalist Quinn Norton points out, just three days after the FBI shut down its AntiSec operation, Shawn Henry retired from his government post to join a cybersecurity company called CrowdStrike, the same outfit recently hired by the Democratic National Committee to investigate an alleged data breach.

Henry's CrowdStrike lost no time in blaming the breach on Russian hackers (supposedly associated with two groups known as "Cozy Bear" and "Fancy Bear"). Almost immediately, however, a real or fabricated hacker with the handle Guccifer 2.0 claimed individual responsibility for the theft of opposition research from the DNC concerning Donald Trump.

Just as Sabu was fond of showing public scorn for the FBI, Guccifer 2.0 enjoys taunting CrowdStrike: “Shame on CrowdStrike: Do you think I’ve been in the DNC’s networks for almost a year and saved only 2 documents? Do you really believe it?”

In fact, it wasn't enough for Guccifer 2.0 to boast about turning the hacked goodies over to WikiLeaks. The hacker contextualized that revelation within a direct jab at Henry's cybersecurity firm: "The main part of the papers, thousands of files and mails, I gave to WikiLeaks. They will publish them soon. I guess CrowdStrike customers should think twice about [the] company’s competence."

My title asserts something that I cannot prove--but that I nevertheless deeply suspect: that the relationship of Guccifer 2.0 to Shawn Henry's cybercrime outfit in 2016 (CrowdStrike) is precisely analogous to the relationship of Sabu to Shawn Henry's cybercrime outfit in 2011 (the FBI). And since we now know that the FBI was deeply complicit in the infamous Stratfor hack, I can't help wondering who's really responsible for the DNC breach.

So when Donald Trump suggests that instead of being hacked by outsiders, the DNC simply handed its opposition research over to CrowdStrike, I'm not as quick as those unfamiliar with Shawn Henry to dismiss his claim as conspiratorial fantasy.

Is Donald Trump irresponsible with his rhetoric? Plainly. Is he incendiary when it comes to interpreting the world around him for his rabid supporters? Certainly. But is he nuts for suggesting that the story we're getting from CrowdStrike and the DNC is more likely to be a devious media ploy than a genuine breach of cybersecurity? I'm not sure--because I've seen this page from Shawn Henry's playbook before.

Henry knows how to establish credibility for an informant by having that informant heap public scorn on the agency that controls him. Just because we know for a fact that it happened less than five years ago with Sabu doesn't mean that it's definitely happening now with Guccifer 2.0--but it could be.

Those who want to cheer Guccifer 2.0 should remember how Sabu betrayed Hammond and do their cheering from a safe distance. 

 


