On NPR’s The Diane Rehm Show today, one of the guest panelists was Laura Galante, currently director of global intelligence at FireEye, a cyber-security company. She has also served as a cyber-threat intelligence analyst for the Department of Defense. Ms. Rehm invited Galante onto the show for her understanding of cyber-threats, her knowledge of the evidence that the CIA and the other 17 U.S. intelligence agencies have put forward, and her ability to analyze that evidence in a meaningful way.
Galante was asked to respond to a comment left on The Diane Rehm Show Facebook page: “There is still no such evidence for any of these claims. What we have are assertions, disseminated by anonymous people, completely unaccompanied by any evidence, let alone proof.”
Galante’s response is stunning:
“So for years, the private sector – including our company, FireEye – has discussed the infrastructure, the tools, and then the groups behind the activity that we believe to be sponsored by the Russian government. To give you a taste of the type of forensic data and evidence that we’ve been seeing mount for years, the tools that these Russian groups use go back to development in 2007, at the very latest, and could even have been before that. We see details in the way that the code is written that show that sustained effort. We see a well-resourced and sophisticated developer and team of developers behind this who are able to change the tools that are used to break into networks like the DNC and adapt the tool as they see fit. We also see this code compiled in Moscow’s time zone over 90% of the time for the last nine years now. Then we start to look at the targets. We see the Ministry of Internal Affairs in Georgia targeted for some time. Attachés in eastern Europe, Chechen journalists, the profile of the targeting, the types of tools used, and then the infrastructure that lets us track these groups, are just some of the initial pieces that we even see on the private side, let alone what the intelligence community has to bear, which are a whole lot of additional sources, that start to piece together the understanding of how Russia is operating these campaigns, and the likelihood that they are sponsoring these activities in cyberspace.”
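The “compiled in Moscow’s time zone” signal Galante mentions rests on a concrete artifact: every Windows PE executable carries a COFF TimeDateStamp that the linker writes at build time, in seconds since 1970 UTC. If an analyst has enough samples from one toolset, the UTC offset under which most of those stamps fall into a normal working week is a rough fingerprint of the developers’ location. The script below, as an added example that is neither FireEye’s nor the show’s code, parses that field from the real PE layout and scores every whole-hour UTC offset by the fraction of builds it places inside working hours. The sample binaries and their timestamps are constructed in the script; the 09:00 to 18:00 Monday to Friday window and the fixed UTC+3 used for the constructed sample are assumptions.

```python
"""Added example: score candidate UTC offsets against PE compile timestamps.
Not FireEye's or the show's code; the sample binaries below are constructed."""
import struct
from datetime import datetime, timedelta, timezone

# Assumed working window: Monday-Friday, 09:00 to 18:00 local time (exclusive end).
WORK_START, WORK_END = 9, 18


def make_pe_stub(timestamp: int) -> bytes:
    """Construct a minimal PE-shaped blob for testing: a 64-byte DOS header whose
    e_lfanew (offset 0x3C) points at a COFF header carrying the given TimeDateStamp."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> right after the DOS header
    coff = b"PE\0\0" + struct.pack(
        "<HHIIIHH",
        0x14C,       # Machine: IMAGE_FILE_MACHINE_I386
        1,           # NumberOfSections
        timestamp,   # TimeDateStamp: seconds since 1970-01-01 UTC, written by the linker
        0, 0,        # PointerToSymbolTable, NumberOfSymbols
        0xE0,        # SizeOfOptionalHeader
        0x102,       # Characteristics: EXECUTABLE_IMAGE | 32BIT_MACHINE
    )
    return bytes(dos) + coff


def pe_timestamp(data: bytes) -> int:
    """Read the COFF TimeDateStamp from a PE image (real layout, no external library)."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    # COFF header follows the 4-byte signature: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    (ts,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return ts


def working_hours_fraction(timestamps, utc_offset_hours: int) -> float:
    """Fraction of timestamps inside the working window when viewed from a fixed
    UTC offset. Daylight-saving shifts are ignored, a deliberate simplification."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    hits = 0
    for ts in timestamps:
        local = datetime.fromtimestamp(ts, tz)
        if local.weekday() < 5 and WORK_START <= local.hour < WORK_END:
            hits += 1
    return hits / len(timestamps)


def rank_offsets(timestamps):
    """All whole-hour UTC offsets as (fraction, offset) pairs, best fit first."""
    scored = [(working_hours_fraction(timestamps, off), off) for off in range(-12, 15)]
    return sorted(scored, key=lambda p: (-p[0], p[1]))


# Constructed sample: 25 builds spread over one working week at UTC+3 (assumed here
# as Moscow's offset), plus two off-hours builds so the fit is not a perfect 100%.
_MSK = timezone(timedelta(hours=3))
_sample_dts = [
    datetime(2016, 6, 6 + day, hour, 0, tzinfo=_MSK)  # 2016-06-06 is a Monday
    for day in range(5) for hour in (9, 11, 13, 15, 17)
] + [
    datetime(2016, 6, 11, 23, 0, tzinfo=_MSK),  # Saturday night
    datetime(2016, 6, 7, 3, 0, tzinfo=_MSK),    # Tuesday 03:00
]
SAMPLE_FILES = [make_pe_stub(int(dt.timestamp())) for dt in _sample_dts]
SAMPLE_TIMESTAMPS = [pe_timestamp(f) for f in SAMPLE_FILES]

if __name__ == "__main__":
    for frac, off in rank_offsets(SAMPLE_TIMESTAMPS)[:5]:
        print(f"UTC{off:+d}: {frac:.1%} of builds inside working hours")
```

On the constructed sample UTC+3 is the unique best fit, with the two neighbouring offsets each losing one build per day at the edge of the window. The practitioner’s caveat is that the linker, not the analyst, writes this field: it can be zeroed, randomized (reproducible builds do this on purpose), or back-dated, so a timestamp distribution is read as one signal alongside tooling lineage, targeting profile and infrastructure, which is exactly the “totality of the evidence” framing in the discussion.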
The panel takes another question from a skeptical caller named Michael, who works in the IT field at a major ISP in America. He says: “The only proof that I’ve seen is a Russian IP address, Russian language used in it, and the time zone that was released. I’d just like to say that in the internet security field, an IP address means literally nothing when it comes to tracking somebody, or some kind of proof when it comes to accusing a company. I just think it’s very… it’s the most fishy thing I’ve ever seen.”
Galante hits a home run with her response:
“It’s a great question. And the claim that’s getting made here is not one based on a single piece of evidence. It’s not just ‘how do we track the infrastructure – the IPs where this is coming from,’ or ‘do the tools have a Russian language setting,’ or ‘were they compiled in Moscow.’ It’s the totality of the evidence that is at hand to make an intelligence assessment. And with these groups – with APT, or ‘Advanced Persistent Threat 28,’ which is the name we’ve called this Russian group who’s been behind these hacks this summer, and long-running since ’07 – it’s the combination of their tool use, the specificity of targets, the way that the tools are constructed, and then the alignment of what they do with the interests of a specific state, and it becomes very unlikely that the sponsorship is anyone but the Russian government.”
Wow.
Listen to the entire conversation from The Diane Rehm Show here: LISTEN.