Crowdstrike Needs To Address The Harm It Caused Ukraine

Crowdstrike’s Danger Close intelligence report is an analytic failure of epic proportions, but more importantly, it has harmed the morale of the people of Ukraine as well as cast doubt in the minds of the Ukrainian soldiers who relied upon the app.

The report repeats a pro-Russian military blogger’s exaggerated figures of an 80% loss rate of Ukraine’s D-30 artillery caused in part by a variant of the same malware used in the DNC hack.

The Ministry of Ukraine denies the allegations, stating that the number of artillery pieces lost is less than 80% and that none were lost due to the cause proposed by Crowdstrike.

Crowdstrike claimed that the GRU identified a targeting app, wrote malware for it, and used the compromised apps to geolocate and bomb Ukrainian artillery.

Adam Meyers: “Russian hackers … tricked Ukrainian servicemen into downloading a contaminated version of the software (that) would have allowed attackers to monitor Ukrainian units’ rough position on the battlefield “in real time” using GPS.”

That sounds great except for the fact that the malware doesn’t ask for GPS location data.

CrySys Lab: “The malicious APK does not use GPS to get exact location of the infected phone, it does not even ask for GPS-level position information.”

Neither did the app itself according to its developer Jaroslav Sherstuk.

Jaroslav Sherstuk: “The suspicion of hacking refers to the software “Popr-D30,” which was not supported by me for over a year, and at that time (2014) had no access to the Internet to receive or transmit any data.” [1]

Crowdstrike hasn’t said how many devices running Sherstuk’s app were infected (the answer is zero), nor has it attempted to contact Sherstuk himself. If it had, it would have saved itself the embarrassment of claiming an effect that would be impossible for the malware to execute on that app.

The company found one piece of malware and one video, and from that flimsy evidence built an entire house of cards whose only purpose was to grab headlines. I doubt that Dmitri Alperovitch or Adam Meyers, the report’s co-authors, gave even a moment’s consideration to the damaging effect that it would have on the citizens and soldiers of Ukraine. And so far, neither of them has issued a retraction or an apology.

This kind of irresponsible behavior should not be tolerated by the U.S. government or Crowdstrike’s customers.

See Also:

The GRU-Ukraine Artillery Hack That May Never Have Happened
[1] Interview via email between the app’s creator Jaroslav Sherstuk and the author on December 24, 2016.