What’s Behind Mysterious ‘Disclaimer’ On Top Of DHS

Many have noticed that on top of the Joint Report issued on Thursday by the FBI and U.S. Department of Homeland Security on the Russian hacks, there is a very peculiar thing: A disclaimer stating that “The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within.” Some have speculated that the disclaimer is evidence that the federal government won’t stand by their findings.  WikiLeaks drew even more attention to this detail by tweeting out a picture of the disclaimer, which was subsequently retweeted more than 7 thousand times. As a legal website, we always read the fine print too, and wanted to find out what this means.

Obama’s Russia sanctions: Note that the ‘hacking’ report released today:

1) Doesn’t mention WikiLeaks

2) Has the following disclaimer: pic.twitter.com/fu4QbRlcyB

— WikiLeaks (@wikileaks) December 29, 2016

The 13-page page report describes how the Russian civilian and military intelligence Services have cyber operations that have included “spearphishing campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations leading to the theft of information.” The report, which came out at the same time that President Obama announced sanctions against Russia, has drawn criticism for being sparse on details. For example, even though the report is 13 pages long, the last 7 pages are general tips to the public about how to guard against cyber security threats.

“The DHS statement is a restatement of already known public information,” one cyber security expert said.   But, drawing even more attention is that mysterious disclaimer at the top. What does it mean? We consulted with

Stewart Baker, a cyber security attorney, and former first Assistant Secretary for Policy at the Department of Homeland Security under President George W. Bush. He admitted that during his years at DHS, he doesn’t recall seeing this type of disclaimer on reports that he reviewed.

screen-shot-2016-12-30-at-2-22-39-pm

However, he doesn’t think it is some kind of indication that the information is wholly inaccurate. “Often early reports or information that is pulled from reports have a few errors on it,” Stewart told LawNewz.com

saying for example that the government may identify a wrong IP address.  “I can understand why someone would do that (provide a disclaimer) in the private sector. My guess is DHS wanted to get the information out as quickly as possible, and they want to recognize the possibility of corrections in the future.”

Baker said that any possible misattributions can cause harm to innocent people including being placed on blacklists.  The disclaimer may be a way to provide the government “cover”  if a private party turns around and sues them, he said.   Included in the report are 50 “alternate names” purportedly used by Russian Civilian and Military Intelligence Services including CakeDuke, CHOPSTICK, CosmicDuke, and COZY Car. In addition, the report included a Yara Signature (a tool designed to help researchers identify and classify malware) used by the hackers.

As for the actual report itself. “I thought the report was ‘moderately persuasive.’ I assume there is more information that is not being released. The information that they did release look like the kind of commercial reports that we see rather than something that draws on a lot of classified sources,” Baker said.

Interestingly, when we searched through other NCCIC (Department of Homeland Security) reports that were issued in the last few years, we also found instances where a similar disclaimer was used. For example, this 2014 report about the hacking/exploitation of electronic highway signs, also contains the same language regarding warranties as the Russia hacking report. The joint report is characterized as “white” in the government’s traffic light protocols which is the lowest level. That means that the ” information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release.”

As for the disclaimer, Stewart believes it is likely the government didn’t want to be held liable for any misinformation that is inadvertently released.

 

Source : http://lawnewz.com/high-profile/we-dig-into-why-there-is-mysterious-disclaimer-on-top-of-dhsfbi-big-russia-hacking-report/

What’s Behind Mysterious ‘Disclaimer’ on Top of DHS/FBI Big Russia Hacking Report
The Prophet
Where Have All the Missiles Gone?
Summer 2015 Movie Releases: A Look at What’s Coming
Chris Hedges Answers Questions from Viewers - Chris Hedges on Reality Asserts Itself pt7
What's your DB2 for z/OS V8 migration strategy?
Long-term update: Our Nissan Patrol visits the dealer accessories shop
Are They Arming for Riots Across America? Homeland Stockpiling “Less Lethal Specialty Munitions”
Deep Underground Military Bases? California Hit By Mysterious Clockwork "Booms" Daily For Years
Mysterious electric car startup Faraday Future hints at future plans
'