{"id":10089,"date":"2017-01-02T18:40:11","date_gmt":"2017-01-02T18:40:11","guid":{"rendered":"https:\/\/informnapalm.org\/en\/?p=10089"},"modified":"2017-01-02T19:37:37","modified_gmt":"2017-01-02T19:37:37","slug":"never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report","status":"publish","type":"post","link":"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/","title":{"rendered":"Never Cry &#8220;Bear!&#8221;: Ukrainian hacktivists fact-checking CrowdStrike report"},"content":{"rendered":"<p><strong>The conclusions of the report by CrowdStrike on the Russian hacker group Fancy Bear might prove wrong amid growing skepticism as hacktivists from Ukrainian<\/strong><strong>\u00a0<\/strong><strong>Cyberaliance \u00a0<\/strong><strong><a href=\"https:\/\/informnapalm.org\/uca\/\" target=\"_blank\">(UCA)<\/a> joined the fact-checking effort.<\/strong><\/p>\n<p>On 22 December the\u00a0CrowdStrike\u00a0analytical group <a href=\"https:\/\/www.crowdstrike.com\/wp-content\/brochures\/FancyBearTracksUkrainianArtillery.pdf\">published a report<\/a> citing an alleged hack of a mobile app for Ukrainian artillerymen by Fancy Bear, a Russian hacker group.<\/p>\n<p>While many media outlets rushed to fan the hot news, few cared to do the fact-checking and scrutinize the report findings.<\/p>\n<p>As early as on 23 December the <a href=\"http:\/\/www.bbc.com\/russian\/features-38401834\" target=\"_blank\">BBC<\/a>\u00a0Russian Service reacted with a story presenting a number of expert opinions that put a pinch of salt on the results and conclusions presented in the report.<\/p>\n<p>CrowdStrike reported that an X-Agent remote access malware had been planted on Ukrainian military forums that would be distributed with the artillery software and could be used later on to track and locate positions of Ukrainian artillery units.<\/p>\n<p>However, the system of distribution of the application developed by Yaroslav Sherstiuk, a military officer of the Ukrainian Armed Forces at 55th Separate Artillery Brigade, implemented multiple levels of protection against falling into wrong hands. In most cases the application had been personally handed by the developer to its end users, and the chances of artillery officers downloading it from anywhere except official sources were close to zero.<\/p>\n<p>A\u00a0<a href=\"https:\/\/www.bloomberg.com\/view\/articles\/2016-12-22\/why-i-still-don-t-buy-the-russian-hacking-story\">Bloomberg View<\/a>\u00a0observer Leonid Bershidsky was skeptical too:<\/p>\n<p><em>&#8220;I doubt that any of the Ukrainian military would download gun aiming software from a web forum. Under normal circumstances they would rather order it directly from the developers they know, from someone like Sherstiuk. Therefore, it is hard for me to believe that the infected application found somewhere on the net and, most probably, never used by Ukrainian military, can prove the connection between GRU (Main Intelligence Directorate) and ART28&#8221;.<br \/>\nExperts with were not alone in their general skepticism about CrowdStrike conclusions, also Ukrainian hacktivists from UCA came in to check the possible data leaks.<\/em><\/p>\n<p><a href=\"https:\/\/www.facebook.com\/photo.php?fbid=223992428049123&amp;set=a.130395897408777.1073741828.100013151020465&amp;type=3&amp;theater\">Sean Townsend<\/a>, a hacktivist from the RUH8 group (being a part of UCA, who won international renown after hacking into the office of the Russian presidential aide\u00a0<a href=\"https:\/\/informnapalm.org\/en\/surkovleaks-part2\/\">Vladislav Surkov<\/a>), too commented on the sensational report by CrowdStrike:<\/p>\n<p><em>&#8220;I&#8217;ve read the report by the CrowdStrike company entitled Fancy Bear Tracks Ukrainian Artillery. Being a hacker, I have little liking of the security industry as the guys in this business fear are fearmongers, but CrowdStrike failed to keep to even the mediocre standards generally accepted in the industry. They start their report with a bold statement alleging that the Ukrainian Armed Forces lost up to 80% of all their D-30 howitzers. The figure of 80% did not come from the International Institute for Strategic Studies, but was voiced by\u00a0colonelcassad (Ed.: the nickname of a Russian propagandist blogger). And even he, when blurting out this 80% figure then says it is not due to combat losses, but rather to a transfer of weapons from the Ukrainian Army to the National Guard (note that the section of the IISS report quotes a &#8220;very precise figure&#8221;, of &#8220;some D-30&#8221; ). The report further alleges (with no proof links) that the attack was made using X-Agent for Android. I have a couple of questions here &#8211; where are hashes, where are the addresses of control centers, estimated number of infected phones? Was it really X-Agent? I do understand that there are plans of congressional hearings on &#8220;Russian hackers&#8221; and CrowdStrike would like to show their relevance, but I think it is irresponsible on their part to act like that.<\/em><\/p>\n<p><a href=\"https:\/\/informnapalm.org\/wp-content\/uploads\/2016\/12\/fan.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-31374\" src=\"https:\/\/informnapalm.org\/wp-content\/uploads\/2016\/12\/fan.jpg\" alt=\"\" width=\"824\" height=\"511\" \/><\/a>(Photo: A screenshot of the malware code)<\/p>\n<p><em>We already have specimens of malware CrowdStrike associated with Fancy Bear and our findings are to follow. I won&#8217;t promise you communist zombies from GRU. I do think highly of the post-soviet hacktivist scene, but one should not demonize Russian hackers. We hacked a couple of them and it was too ridiculous for words. The screenshot undermines the version about &#8220;terrible Russian hackers from GRU&#8221;. All you see in the screenshot are strange letters and numbers, but an expert will see it flashing in big letters &#8220;THIS CODE HAS BEEN WRITTEN AND USED BY A MORON&#8221;<\/em><\/p>\n<p>InformNapalm volunteer intelligence community periodically presents stories based on analysis of data dug out by UCA hacktivists to the wide audience. As soon as we have the full details after the hacktivists will have the source data analyzed, we will certainly share further findings with the public. Stay tuned for updates in the\u00a0<a href=\"https:\/\/informnapalm.org\/en\/category\/hacker\/\">Hachtivism<\/a> section.<\/p>\n<hr \/>\n<p><em>Translated by <span id=\"result_box\" class=\"short_text\" lang=\"en\"><span class=\"\"><span class=\"_5yl5\">Denis Bolovlov<\/span><\/span><\/span>, edited by Artem Velichko.<br \/>\n<\/em><\/p>\n<p>(CC BY 4.0) The story has been written specially for <a href=\"https:\/\/informnapalm.org\/\"><em>InformNapalm.org<\/em><\/a><em>, any reproduction or use must contain or be subject to a valid hyperlink to our project.<\/em><\/p>\n<p><em>We call on our readers to actively share our publications on social networks. Broad public awareness of these investigations is a major factor in the information and actual warfare.<\/em><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The conclusions of the report by CrowdStrike on the Russian hacker group Fancy Bear might prove wrong&#8230;<\/p>\n","protected":false},"author":2,"featured_media":10090,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[4,528,641],"tags":[],"class_list":["post-10089","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mainnews","category-news","category-uca"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Never Cry &quot;Bear!&quot;: Ukrainian hacktivists fact-checking CrowdStrike report - InformNapalm.org (English)<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Never Cry &quot;Bear!&quot;: Ukrainian hacktivists fact-checking CrowdStrike report - InformNapalm.org (English)\" \/>\n<meta property=\"og:description\" content=\"The conclusions of the report by CrowdStrike on the Russian hacker group Fancy Bear might prove wrong...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/\" \/>\n<meta property=\"og:site_name\" content=\"InformNapalm.org (English)\" \/>\n<meta property=\"article:published_time\" content=\"2017-01-02T18:40:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-01-02T19:37:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/informnapalm.org\/en\/wp-content\/uploads\/sites\/14\/2017\/01\/cry.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"642\" \/>\n\t<meta property=\"og:image:height\" content=\"336\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Falcon Born\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Falcon Born\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/\"},\"author\":{\"name\":\"Falcon Born\",\"@id\":\"https:\/\/informnapalm.org\/en\/#\/schema\/person\/0a9c5fc44a7fbf844f57e2c2fa5c4bef\"},\"headline\":\"Never Cry &#8220;Bear!&#8221;: Ukrainian hacktivists fact-checking CrowdStrike report\",\"datePublished\":\"2017-01-02T18:40:11+00:00\",\"dateModified\":\"2017-01-02T19:37:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/\"},\"wordCount\":816,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/informnapalm.org\/en\/wp-content\/uploads\/sites\/14\/2017\/01\/cry.jpg\",\"articleSection\":[\"Main News\",\"News\",\"UCA\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/\",\"url\":\"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/\",\"name\":\"Never Cry \\\"Bear!\\\": Ukrainian hacktivists fact-checking CrowdStrike report - InformNapalm.org (English)\",\"isPartOf\":{\"@id\":\"https:\/\/informnapalm.org\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/informnapalm.org\/en\/wp-content\/uploads\/sites\/14\/2017\/01\/cry.jpg\",\"datePublished\":\"2017-01-02T18:40:11+00:00\",\"dateModified\":\"2017-01-02T19:37:37+00:00\",\"author\":{\"@id\":\"https:\/\/informnapalm.org\/en\/#\/schema\/person\/0a9c5fc44a7fbf844f57e2c2fa5c4bef\"},\"breadcrumb\":{\"@id\":\"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/#primaryimage\",\"url\":\"https:\/\/informnapalm.org\/en\/wp-content\/uploads\/sites\/14\/2017\/01\/cry.jpg\",\"contentUrl\":\"https:\/\/informnapalm.org\/en\/wp-content\/uploads\/sites\/14\/2017\/01\/cry.jpg\",\"width\":642,\"height\":336},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/informnapalm.org\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Never Cry &#8220;Bear!&#8221;: Ukrainian hacktivists fact-checking CrowdStrike report\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/informnapalm.org\/en\/#website\",\"url\":\"https:\/\/informnapalm.org\/en\/\",\"name\":\"InformNapalm.org (English)\",\"description\":\"Latest News from Ukraine\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/informnapalm.org\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/informnapalm.org\/en\/#\/schema\/person\/0a9c5fc44a7fbf844f57e2c2fa5c4bef\",\"name\":\"Falcon Born\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/informnapalm.org\/en\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/2ab3370fab9c246db359190da7fc69ece9dd5c0538f0fa255b77632480af62e6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/2ab3370fab9c246db359190da7fc69ece9dd5c0538f0fa255b77632480af62e6?s=96&d=mm&r=g\",\"caption\":\"Falcon Born\"},\"sameAs\":[\"https:\/\/informnapalm.org\"],\"url\":\"https:\/\/informnapalm.org\/en\/author\/roman\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Never Cry \"Bear!\": Ukrainian hacktivists fact-checking CrowdStrike report - InformNapalm.org (English)","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/","og_locale":"en_US","og_type":"article","og_title":"Never Cry \"Bear!\": Ukrainian hacktivists fact-checking CrowdStrike report - InformNapalm.org (English)","og_description":"The conclusions of the report by CrowdStrike on the Russian hacker group Fancy Bear might prove wrong...","og_url":"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/","og_site_name":"InformNapalm.org (English)","article_published_time":"2017-01-02T18:40:11+00:00","article_modified_time":"2017-01-02T19:37:37+00:00","og_image":[{"width":642,"height":336,"url":"https:\/\/informnapalm.org\/en\/wp-content\/uploads\/sites\/14\/2017\/01\/cry.jpg","type":"image\/jpeg"}],"author":"Falcon Born","twitter_misc":{"Written by":"Falcon Born","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/#article","isPartOf":{"@id":"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/"},"author":{"name":"Falcon Born","@id":"https:\/\/informnapalm.org\/en\/#\/schema\/person\/0a9c5fc44a7fbf844f57e2c2fa5c4bef"},"headline":"Never Cry &#8220;Bear!&#8221;: Ukrainian hacktivists fact-checking CrowdStrike report","datePublished":"2017-01-02T18:40:11+00:00","dateModified":"2017-01-02T19:37:37+00:00","mainEntityOfPage":{"@id":"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/"},"wordCount":816,"commentCount":0,"image":{"@id":"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/#primaryimage"},"thumbnailUrl":"https:\/\/informnapalm.org\/en\/wp-content\/uploads\/sites\/14\/2017\/01\/cry.jpg","articleSection":["Main News","News","UCA"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/","url":"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/","name":"Never Cry \"Bear!\": Ukrainian hacktivists fact-checking CrowdStrike report - InformNapalm.org (English)","isPartOf":{"@id":"https:\/\/informnapalm.org\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/#primaryimage"},"image":{"@id":"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/#primaryimage"},"thumbnailUrl":"https:\/\/informnapalm.org\/en\/wp-content\/uploads\/sites\/14\/2017\/01\/cry.jpg","datePublished":"2017-01-02T18:40:11+00:00","dateModified":"2017-01-02T19:37:37+00:00","author":{"@id":"https:\/\/informnapalm.org\/en\/#\/schema\/person\/0a9c5fc44a7fbf844f57e2c2fa5c4bef"},"breadcrumb":{"@id":"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/#primaryimage","url":"https:\/\/informnapalm.org\/en\/wp-content\/uploads\/sites\/14\/2017\/01\/cry.jpg","contentUrl":"https:\/\/informnapalm.org\/en\/wp-content\/uploads\/sites\/14\/2017\/01\/cry.jpg","width":642,"height":336},{"@type":"BreadcrumbList","@id":"https:\/\/informnapalm.org\/en\/never-cry-bear-ukrainian-hacktivists-fact-checking-crowdstrike-report\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/informnapalm.org\/en\/"},{"@type":"ListItem","position":2,"name":"Never Cry &#8220;Bear!&#8221;: Ukrainian hacktivists fact-checking CrowdStrike report"}]},{"@type":"WebSite","@id":"https:\/\/informnapalm.org\/en\/#website","url":"https:\/\/informnapalm.org\/en\/","name":"InformNapalm.org (English)","description":"Latest News from Ukraine","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/informnapalm.org\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/informnapalm.org\/en\/#\/schema\/person\/0a9c5fc44a7fbf844f57e2c2fa5c4bef","name":"Falcon Born","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/informnapalm.org\/en\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/2ab3370fab9c246db359190da7fc69ece9dd5c0538f0fa255b77632480af62e6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2ab3370fab9c246db359190da7fc69ece9dd5c0538f0fa255b77632480af62e6?s=96&d=mm&r=g","caption":"Falcon Born"},"sameAs":["https:\/\/informnapalm.org"],"url":"https:\/\/informnapalm.org\/en\/author\/roman\/"}]}},"post_src":"<strong>The conclusions of the report by CrowdStrike on the Russian hacker group Fancy Bear might prove wrong amid growing skepticism as hacktivists from Ukrainian<\/strong><strong>\u00a0<\/strong><strong>Cyberaliance \u00a0<\/strong><strong><a href=\"https:\/\/informnapalm.org\/uca\/\" target=\"_blank\">(UCA)<\/a> joined the fact-checking effort.<\/strong>\r\n\r\nOn 22 December the\u00a0CrowdStrike\u00a0analytical group <a href=\"https:\/\/www.crowdstrike.com\/wp-content\/brochures\/FancyBearTracksUkrainianArtillery.pdf\">published a report<\/a> citing an alleged hack of a mobile app for Ukrainian artillerymen by Fancy Bear, a Russian hacker group.\r\n\r\nWhile many media outlets rushed to fan the hot news, few cared to do the fact-checking and scrutinize the report findings.\r\n\r\nAs early as on 23 December the <a href=\"http:\/\/www.bbc.com\/russian\/features-38401834\" target=\"_blank\">BBC<\/a>\u00a0Russian Service reacted with a story presenting a number of expert opinions that put a pinch of salt on the results and conclusions presented in the report.\r\n\r\nCrowdStrike reported that an X-Agent remote access malware had been planted on Ukrainian military forums that would be distributed with the artillery software and could be used later on to track and locate positions of Ukrainian artillery units.\r\n\r\nHowever, the system of distribution of the application developed by Yaroslav Sherstiuk, a military officer of the Ukrainian Armed Forces at 55th Separate Artillery Brigade, implemented multiple levels of protection against falling into wrong hands. In most cases the application had been personally handed by the developer to its end users, and the chances of artillery officers downloading it from anywhere except official sources were close to zero.\r\n\r\nA\u00a0<a href=\"https:\/\/www.bloomberg.com\/view\/articles\/2016-12-22\/why-i-still-don-t-buy-the-russian-hacking-story\">Bloomberg View<\/a>\u00a0observer Leonid Bershidsky was skeptical too:\r\n\r\n<em>\"I doubt that any of the Ukrainian military would download gun aiming software from a web forum. Under normal circumstances they would rather order it directly from the developers they know, from someone like Sherstiuk. Therefore, it is hard for me to believe that the infected application found somewhere on the net and, most probably, never used by Ukrainian military, can prove the connection between GRU (Main Intelligence Directorate) and ART28\".\r\nExperts with were not alone in their general skepticism about CrowdStrike conclusions, also Ukrainian hacktivists from UCA came in to check the possible data leaks.<\/em>\r\n\r\n<a href=\"https:\/\/www.facebook.com\/photo.php?fbid=223992428049123&amp;set=a.130395897408777.1073741828.100013151020465&amp;type=3&amp;theater\">Sean Townsend<\/a>, a hacktivist from the RUH8 group (being a part of UCA, who won international renown after hacking into the office of the Russian presidential aide\u00a0<a href=\"https:\/\/informnapalm.org\/en\/surkovleaks-part2\/\">Vladislav Surkov<\/a>), too commented on the sensational report by CrowdStrike:\r\n\r\n<em>\"I've read the report by the CrowdStrike company entitled Fancy Bear Tracks Ukrainian Artillery. Being a hacker, I have little liking of the security industry as the guys in this business fear are fearmongers, but CrowdStrike failed to keep to even the mediocre standards generally accepted in the industry. They start their report with a bold statement alleging that the Ukrainian Armed Forces lost up to 80% of all their D-30 howitzers. The figure of 80% did not come from the International Institute for Strategic Studies, but was voiced by\u00a0colonelcassad (Ed.: the nickname of a Russian propagandist blogger). And even he, when blurting out this 80% figure then says it is not due to combat losses, but rather to a transfer of weapons from the Ukrainian Army to the National Guard (note that the section of the IISS report quotes a \"very precise figure\", of \"some D-30\" ). The report further alleges (with no proof links) that the attack was made using X-Agent for Android. I have a couple of questions here - where are hashes, where are the addresses of control centers, estimated number of infected phones? Was it really X-Agent? I do understand that there are plans of congressional hearings on \"Russian hackers\" and CrowdStrike would like to show their relevance, but I think it is irresponsible on their part to act like that.<\/em>\r\n\r\n<a href=\"https:\/\/informnapalm.org\/wp-content\/uploads\/2016\/12\/fan.jpg\"><img class=\"aligncenter size-full wp-image-31374\" src=\"https:\/\/informnapalm.org\/wp-content\/uploads\/2016\/12\/fan.jpg\" alt=\"\" width=\"824\" height=\"511\" \/><\/a>(Photo: A screenshot of the malware code)\r\n\r\n<em>We already have specimens of malware CrowdStrike associated with Fancy Bear and our findings are to follow. I won't promise you communist zombies from GRU. I do think highly of the post-soviet hacktivist scene, but one should not demonize Russian hackers. We hacked a couple of them and it was too ridiculous for words. The screenshot undermines the version about \"terrible Russian hackers from GRU\". All you see in the screenshot are strange letters and numbers, but an expert will see it flashing in big letters \"THIS CODE HAS BEEN WRITTEN AND USED BY A MORON\"<\/em>\r\n\r\nInformNapalm volunteer intelligence community periodically presents stories based on analysis of data dug out by UCA hacktivists to the wide audience. As soon as we have the full details after the hacktivists will have the source data analyzed, we will certainly share further findings with the public. Stay tuned for updates in the\u00a0<a href=\"https:\/\/informnapalm.org\/en\/category\/hacker\/\">Hachtivism<\/a> section.\r\n\r\n<hr \/>\r\n\r\n<em>Translated by <span id=\"result_box\" class=\"short_text\" lang=\"en\"><span class=\"\"><span class=\"_5yl5\">Denis Bolovlov<\/span><\/span><\/span>, edited by Artem Velichko.\r\n<\/em>\r\n\r\n(CC BY 4.0) The story has been written specially for <a href=\"https:\/\/informnapalm.org\/\"><em>InformNapalm.org<\/em><\/a><em>, any reproduction or use must contain or be subject to a valid hyperlink to our project.<\/em>\r\n\r\n<em>We call on our readers to actively share our publications on social networks. Broad public awareness of these investigations is a major factor in the information and actual warfare.<\/em>\r\n\r\n&nbsp;","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/informnapalm.org\/en\/wp-json\/wp\/v2\/posts\/10089","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/informnapalm.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/informnapalm.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/informnapalm.org\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/informnapalm.org\/en\/wp-json\/wp\/v2\/comments?post=10089"}],"version-history":[{"count":4,"href":"https:\/\/informnapalm.org\/en\/wp-json\/wp\/v2\/posts\/10089\/revisions"}],"predecessor-version":[{"id":10094,"href":"https:\/\/informnapalm.org\/en\/wp-json\/wp\/v2\/posts\/10089\/revisions\/10094"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/informnapalm.org\/en\/wp-json\/wp\/v2\/media\/10090"}],"wp:attachment":[{"href":"https:\/\/informnapalm.org\/en\/wp-json\/wp\/v2\/media?parent=10089"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/informnapalm.org\/en\/wp-json\/wp\/v2\/categories?post=10089"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/informnapalm.org\/en\/wp-json\/wp\/v2\/tags?post=10089"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}