    CrowdStrike Revises Russian Hack Into Ukrainian Artillery

    It’s the same report that claimed Russian groups used malware on the DNC.

    Cybersecurity firm CrowdStrike recently revised a report from December that insisted that the group “Fancy Bear,” which has ties to Russian intelligence, used malware to hack into Ukrainian artillery. In the same report, the firm said “Fancy Bear” used the same malware to “hack” into the American election.

    Well, British think tank International Institute for Strategic Studies (IISS) found that CrowdStrike “erroneously used IISS data as proof of the intrusion.” This also calls into question its findings of meddling in our election.

    The Original Report

    CrowdStrike produced its report on December 22, 2016. The company’s co-founder Dmitri Alperovitch stated that the firm found the “malware used to track Ukrainian artillery units was a variant of the kind used to hack into the Democratic National Committee.” He stressed that those who used the malware had to have been in communication with the Russian military:

    The implant leveraged a legitimate Android application developed by a Ukrainian artillery officer to process targeting data more quickly, CrowdStrike said.

    Its deployment “extends Russian cyber capabilities to the front lines of the battlefield,” the report said, and “could have facilitated anticipatory awareness of Ukrainian artillery force troop movement, thus providing Russian forces with useful strategic planning information.”

    Downloads of the legitimate app were promoted on pages used by Ukrainian artillery on vKontakte, a Russian social media website, CrowdStrike said. There is no evidence the application was made available in the Android app store, limiting its distribution, the firm said.

    The report used a Russian blogger to cite the IISS findings:

    “Between July and August 2014, Russian-backed forces launched some of the most-decisive attacks against Ukrainian forces, resulting in significant loss of life, weaponry and territory,” CrowdStrike wrote in its report, explaining that the hack compromised an app used to aim Soviet-era D-30 howitzers.

    “Ukrainian artillery forces have lost over 50% of their weapons in the two years of conflict and over 80% of D-30 howitzers, the highest percentage of loss of any other artillery pieces in Ukraine’s arsenal,” the report said, crediting a Russian blogger who had cited figures from IISS.

    Skepticism Mounted Immediately

    Yaroslav Sherstyuk developed the Ukrainian military app. He lashed out at CrowdStrike on Facebook, calling the report “delusional.” He also expressed frustration that the firm never reached out to him.

    It turns out CrowdStrike did not reach out to IISS either:

    “The CrowdStrike report uses our data, but the inferences and analysis drawn from that data belong solely to the report’s authors,” the IISS said. “The inference they make that reductions in Ukrainian D-30 artillery holdings between 2013 and 2016 were primarily the result of combat losses is not a conclusion that we have ever suggested ourselves, nor one we believe to be accurate.”

    One of the IISS researchers who produced the data said that while the think tank had dramatically lowered its estimates of Ukrainian artillery assets and howitzers in 2013, it did so as part of a “reassessment” and reallocation of units to airborne forces.

    “No, we have never attributed this reduction to combat losses,” the IISS researcher said, explaining that most of the reallocation occurred prior to the two-year period that CrowdStrike cites in its report.

    “The vast majority of the reduction actually occurs … before Crimea/Donbass,” he added, referring to the 2014 Russian invasion of Ukraine.

    Ukraine’s military technical advisor Pavlo Narozhnyy said that malware could have infected the app, but someone would have spotted it:

    “I personally know hundreds of gunmen in the war zone,” Narozhnyy told VOA in December. “None of them told me of D-30 losses caused by hacking or any other reason.”

    In January, the Ukrainian Ministry of Defense also denied any hacking took place. The ministry also said the “artillery losses were many times smaller and not caused” by Russian hackers. The report said Ukraine lost 80% of its howitzers, but that means the country would have lost almost all of its biggest guns:

    “The spread of false information leads to a heightening of social tensions and undermines people’s trust in Ukraine’s armed forces,” the defence ministry said.

    What Changed?

    That all changed last week when CrowdStrike made numerous changes to its initial report (emphasis mine):

    The company removed language that said Ukraine’s artillery lost 80 percent of the Soviet-era D-30 howitzers, which used aiming software that purportedly was hacked. Instead, the revised report cites figures of 15 to 20 percent losses in combat operations, attributing the figures to IISS.

    The company also removed language saying Ukraine’s howitzers suffered “the highest percentage of loss of any … artillery pieces in Ukraine’s arsenal.”

    Finally, CrowdStrike deleted a statement saying “deployment of this malware-infected application may have contributed to the high-loss nature of this platform” — meaning the howitzers — and excised a link sourcing its IISS data to a blogger in Russia-occupied Crimea.

    CrowdStrike spokeswoman Ilina Dmitrova told VOA that the firm changed its numbers on the artillery losses due to a conversation with Henry Boyd at IISS. She did not say why the firm decided now to contact the think tank.

    What Does That Mean to America?

    Like I said, it calls CrowdStrike’s reputation and statistics into question. As someone who despises Russia, I still want the truth. It’s sickening if the firm misrepresented data concerning the DNC because the left and Russian conspiracy theorists latched onto CrowdStrike’s report. Comey even stuck up for CrowdStrike during his Congressional hearing.



    The so-called rebels, including ethnic Ukrainians, Jews, Russians, and others, are refugees of a Western-backed coup in Kiev. It’s not Russia that invaded Ukraine, but rather an assembly of leftists, neo-Nazis, social justice adventurists, natural resource scavengers, and anti-native factions.

    tom swift | March 30, 2017 at 12:05 am

    … the “malware used to track Ukrainian artillery units was a variant of the kind used to hack into the Democratic National Committee.”

    So it isn’t the same malware. Sorry, at that point, the trail goes cold.

    You can’t pin an assault on someone because fingerprints found on a weapon are a variant of those found on the suspect.
