Cyber Firm Rewrites Part of Disputed
Russian Hacking Report
March 24, 2017
U.S. cybersecurity firm CrowdStrike has revised and retracted statements
it used to buttress claims of Russian hacking during last year's
American presidential election campaign. The shift followed a VOA report
that the company misrepresented data published by an influential British
In December, CrowdStrike said it found evidence that Russians hacked
into a Ukrainian artillery app, contributing to heavy losses of
howitzers in Ukraine's war with pro-Russian separatists.
VOA reported Tuesday that the International Institute for Strategic
Studies (IISS), which publishes an annual reference estimating the
strength of world armed forces, disavowed the CrowdStrike report and
said it had never been contacted by the company.
Ukraine's Ministry of Defense also has stated that the combat losses and
hacking never happened.
Some see overblown allegations
CrowdStrike was first to link hacks of Democratic Party computers to
Russian actors last year, but some cybersecurity experts have questioned
its evidence. The company has come under fire from some Republicans who
say charges of Kremlin meddling in the election are overblown.
After CrowdStrike released its Ukraine report, company co-founder Dmitri
Alperovitch claimed it provided added evidence of Russian election
interference. In both hacks, he said, the company found malware used by
"Fancy Bear," a group with ties to Russian intelligence agencies.
CrowdStrike's claims of heavy Ukrainian artillery losses were widely
circulated in U.S. media.
On Thursday, CrowdStrike walked back key parts of its Ukraine report.
The company removed language that said Ukraine's artillery lost 80
percent of the Soviet-era D-30 howitzers, which used aiming software
that purportedly was hacked. Instead, the revised report cites figures
of 15 to 20 percent losses in combat operations, attributing the figures
The original CrowdStrike report was dated Dec. 22, 2016, and the updated
report was dated March 23, 2017.
The company also removed language saying Ukraine's howitzers suffered
"the highest percentage of loss of any ... artillery pieces in Ukraine's
Finally, CrowdStrike deleted a statement saying "deployment of this
malware-infected application may have contributed to the high-loss
nature of this platform" — meaning the howitzers — and excised a link
sourcing its IISS data to a blogger in Russia-occupied Crimea.
In an email, CrowdStrike spokeswoman Ilina Dmitrova said the new
estimates of Ukrainian artillery losses resulted from conversations with
Henry Boyd, an IISS research associate for defense and military
analysis. She declined to say what prompted the contact.
CrowdStrike defends report
"This update does not in any way impact the core premise of the report
that the FANCY BEAR threat actor implanted malware into a D-30 targeting
application developed by a Ukrainian military officer," Dmitrova wrote.
Reached by VOA, the IISS confirmed providing CrowdStrike with new
information about combat losses, but declined to comment on
CrowdStrike's hacking assertions.
don't think the current version of the [CrowdStrike] report draws
conclusions with regard to our data, other than quoting the
clarification we provided to them," IISS told VOA.
Dmitrova noted that the FBI and the U.S. intelligence community have
also concluded that Russia was behind the hacks of the Democratic
National Committee, Democratic Congressional Campaign Committee and the
email account of John Podesta, Hillary Clinton's campaign manager.
The release of embarrassing Democratic emails during last year's U.S.
political campaign, and the subsequent finding by intelligence agencies
that the hacks were meant to help then-candidate Donald Trump, have led
to investigations by the FBI and intelligence committees in both the
House and Senate.
Trump and White House officials have denied colluding with Russians.