But now that the cat’s out the bag and some are trying to discredit us and our work instead, I feel I have to give a few factual details.
We pitched the story to journalists before we were to publish the report. A journalist asked if he could share with Robert to have a second opinion for his article. We agreed to share our full report with him, and the samples we were allowed to share.
We expected Robert to simply confirm or deny our findings. But the day of the release, his start-up decided to also publish a report using another name for the threat.
I will let the community decide whether their publication was worth it from a research perspective, if their reporting contained added value and if it was worth having those details the exact same day as our report.
It was very frustrating for our team to see "CrashOverride, also known as Industroyer, discovered by Dragos and ESET […]" in all reporting when you spend months on research vs a few days for the other organization. There was no joint publication agreement.
To be clear, we did not see Dragos' report before it was published, even if they claimed to have shared it with their customers and CERTs the day before. We also didn’t know their intentions of publishing on the same day.
Robert did mention he was going to publish a blog to "draw attention to the findings and corroborate [our] findings" (see the email conversations he posted), but we were under the impression it was going to be through his personal blog on his personal website.
Not only did Dragos race ESET to publish their own report, they also took the liberty of promoting their report all over the place including media outlets, prior to the publication.
Take this Washington Post article published minutes after our report and minutes prior to Dragos' report. https://www.washingtonpost.com/world/national-security/russia-has-developed-a-cyber-weapon-that-can-disrupt-power-grids-according-to-new-research/2017/06/11/b91b773e-4eed-11e7-91eb-9611861a988f_story.html …
Given the timeline, the journalist must have had knowledge about it prior to publication. It attributes the work to "U.S. Researchers" and contains quotes from no less than three Dragos staff members.
It also barely mentions ESET at all, only to say we were the first to obtain the samples, when in fact we spent months analyzing the whole threat and shared our entire analysis with Dragos.
Regardless, we’ve accepted to share the spotlight with them and not make a big deal of this. That day, we did however decide we will never share details of our research with them before a publication anymore.
Unlike what some are saying, ESET never withholds research. As a matter of fact, we do not have a paid-for service for a feed of "private reports". Maybe this is something that will change with time, but this is the status right now.
Pretty much everything our team does ends up on our corporate blog, WeLiveSecurity, where anyone can read articles and download PDFs, without collecting contact information or the number of employees in your organization.
We also share our reports in advance with multiple organizations including potential victims and law enforcement if it makes sense. However, there are 100s of CERTs worldwide, we can’t share it with all of them in a simple way.
CERTs can issue their advisories based on our publications if they wish using our reports and our plain text IoCs on GitHub (hashes, YARA rules, MISP events, Python scripts, etc).
In the case of Industroyer, we shared all the details and a draft analysis with potential victims in January 2017, 6 months prior to the publication. No, they weren’t US-based.