Major security group suppresses report from major security firm
A little while back I did a report on a major analysis by a major security firm on a major malware campaign. The security firm mentioned the name of a major security group situate in a major world economy. The malware campaign seemed to originate from this major world economy and primarily target one other specific country. The security group’s name repeatedly appeared in the code of the malware being investigated. All of this is fact.
A few days later I asked a separate security firm, whom I knew to be also investigating the same malware campaign, for their thoughts. We’d rather not comment, was the reply, since this is already causing problems.
Well, this major analysis report now seems to have disappeared from the major security firm’s website.
Why would that be?
I hardly think that legal threats from the major security group would be enough – after all, the major security firm was merely presenting facts. The major security group’s name really does appear in the malware code, repeatedly. Anyway, the analysis report went to great lengths to say, paraphrased, “we are in no way suggesting that [major security group] is implicated by this – there could be many innocent reasons for the name to appear.”
But the report has disappeared. There’s still an entry in the major security firm’s blog that describes the malware campaign. But the major security group’s name doesn’t appear. A link points to the report, but just goes to the home page. The report itself seems to have disappeared.
Why would that be?
There are two reasons I can think of. The first is that the major security firm now accepts that the inclusion of the major security group’s name is coincidental and unrelated to reality. But then why not just say so, rather than removing the whole report?
The other is government pressure. The whole malware campaign reeks of state-sponsored cyber espionage. And if that’s the case, I can fully understand said major world economy applying government-level pressure against said major security firm to bury any implied suggestion of cyber espionage against the target country.
So this morning I received this email. “I am Mr Thing, Corporate Communication Manager of Major Security Group. I had earlier also sent you the mail but I did not got any response from your end.” He hadn’t, but we’ll let that pass. “There is an article on your website which says… I want to clarify you that the claims in the report were totally false and imaginative.” I don’t think so – they were a report of a matter of fact. And it’s not my website – it is the website of the magazine I was writing for. Out of loyalty to that magazine, and courtesy to the major security firm that has buckled under pressure and removed the report, I mention no names. But I should point out to Mr Thing that had I published my report on this website, it would remain in full with his email appended in full, and the major security firm’s major analysis of the major malware campaign appended to that.
Mr Thing also added, “So, I want you to remove the link from your website as it is defamatory, libellous, ethnically objectionable.” I would say to Mr Thing, corporate communications manager of major security group in major world economy, I take a very dim view of being accused of writing things that are defamatory, libelous and ethnically objectionable. In fact, I consider that to be defamatory.
Where do these people get off thinking they can suppress fact and rewrite history?