
The Microsoft team tracking the world’s most dangerous hackers - howard941
https://www.technologyreview.com/s/614646/inside-the-microsoft-team-tracking-the-worlds-most-dangerous-hackers/
======
chatmasta
The article concludes:

 _The new normal is that industry cyberintelligence shops tend to lead the way
in this type of public security activity while government follows._

 _In 2016, it was CrowdStrike that first investigated and pointed the finger
at Russian activity aiming to interfere with the American election._

Does anyone else worry about the incentive mechanisms with this trend? When a
client like the DNC hires a security firm, they are looking for answers. But
answers are not always available in cyber attribution; often the best
conclusion analysis can produce is an educated guess with some probability.
There is rarely certainty. And yet, the clients expect the companies to assign
blame to _someone_. If they can’t do that, why would anyone hire them?

I’m worried when the public puts as much trust in a private company like
CrowdStrike as it does in its intelligence or law enforcement agencies. Are
these companies not incentivized to exaggerate their degree of certainty? Or
to pick the “right” boogeyman?

~~~
duxup
Wouldn't that be the same inside any given intelligence organization, policing
organization, etc.?

People demanding answers of people who may not have them is part of the human
condition.

Internal or external organizations all seem to encounter such problems.

