US Govt Data Shows “Russia” Used Outdated Ukrainian PHP Malware 1


Wordfence has the the oddly title article US Govt Data Shows Russia Used Outdated Ukrainian PHP Malware.

I say oddly titled because their conclusion is the opposite of the title. Upon rereading the title, I see that there is sarcasm in it that I did not notice at first.

The IP addresses that DHS provided may have been used for an attack by a state actor like Russia. But they don’t appear to provide any association with Russia. They are probably used by a wide range of other malicious actors, especially the 15% of IP addresses that are Tor exit nodes.

The malware sample is old, widely used and appears to be Ukrainian. It has no apparent relationship with Russian intelligence and it would be an indicator of compromise for any website.

Our “intelligence” agencies or the political hacks that oversee them may not be aware of how many computer security experts there are in the world who can analyze this data that they released. They probably figure that most people will take them at their word and believe their claim that this data proves Russia is behind it all. In fact the data shows that they have no reason to believe the Russians did it, other than the fact that they want us to believe that the Russians did it.


Leave a comment

One thought on “US Govt Data Shows “Russia” Used Outdated Ukrainian PHP Malware

  • SteveG Post author

    On the Wordfence web site, a comment from Eric Nelson said the following:

    For some reason people seem to forget about this Wired.com story below and the company Crowdstrike who has carefully documented the connection between the DNC and Russian intelligence.

    The headline on the article is Here’s What We Know About Russia and the DNC Hack.
    Wired won’t let me read their article because I use an ad blocker. However, the little of it that I was able to read before they stopped me seemed to be based on what our government is leaking. The story about the attack on the Ukrainian military telephones could be planted to try to falsify the thought that the hacking software comes from the Ukraine. Once the story is about spy agencies there is no telling what double, triple, and quadruple agents might be twisting the story and for whose benefit. The only real proof that the Russians did anything derives from the fact that that’s what our intelligence agencies want us to think, not even what they think themselves.

    I just thought of the fact that I have other browsers that do not use ad blocking. So I was able to read the Wired article. In light of what the Wordfence article revealed, it casts doubts on all of the analysis that the Wired article reports.