Daily BulletinHoliday Centre

The Conversation

  • Written by David Glance, Director of UWA Centre for Software Practice, University of Western Australia

As one of his parting acts as US President, Barack Obama retaliated against alleged Russian interference in the recent US election by expelling 35 Russian government officials from the US and placing sanctions on Russian security agencies, 3 companies and several individuals.

One of the companies included on the sanctions list was Zorsecurity (also known as Esage Lab) which was set up by a Russian programmer Alisa Shevchenko. According to the White House, Zorsecurity was included because it had provided the GRU (one of Russia’s military intelligence services) “with technical research and development”.

And that was it. Except that Shevchenko has vehemently denied that she has worked for the Russian government stating that “We don’t make malware for the Russian government”.

The difficulty for Shevchenko is that she simply doesn’t know what being placed on a sanctions list means for her personally. To be clear, there was no trial, no evidence presented publicly, nor was there an opportunity to provide a defence, there was simply an accusation and a listing on a public announcement.

What makes this particularly frustrating for Shevchenko is that the company listed doesn’t actually trade any more and so from one perspective the entire matter is moot.

It seems extraordinary that high stakes response to the Russian government and Russian President Vladimir Putin should have on the one hand two of Russia’s secret service agencies, the FSB and GRU and on the other hand a defunct company run at one time by a solitary Russian hacker with a handful of employees.

It has been argued that the evidence put forward to tie the Russian intelligence services with the hack of the Democratic National Committee (DNC) was not definitive enough to prove the link. Evidence for Russian involvement comes essentially from comparing the malware and techniques used by the hackers to previous hacks believed to be by specific groups, in this case from two groups called APT 28 (Aka Fancy Bear) and APT 29 (Aka Cozy Bear). These groups in turn are thought to be associated with the GRU (APT 28) and FSB (APT 29).

Whilst the debate continues of whether the evidence presented is actually sufficient to definitively tie specific groups to the hack, none of the evidence presented ties in with Shevchenko and Zorsecurity.

Shevchenko’s situation highlights the perils of being associated with cybersecurity even if you are one of the good guys, the so-called “White Hat” hackers. She is a self-taught and talented programmer who specialises in finding “zero-day” exploits. Whilst these exploits can, and are, used by criminals and spies, they can also be used to probe weaknesses in corporate networks as part of what is called penetration testing. In fact, Shevchenko has publicly contributed to finding and reporting vulnerabilities in energy management software and Microsoft Windows.

It is possible that some of her software or exploits were used by the GRU and FSB (and others) in gaining access to the DNC and other targets, however that is a different matter to her, or the company actively working with these agencies. Given the large number of companies and people who could potentially be involved with hacking on behalf the Russian services, it seems gratuitous that the US would single out a solitary female hacker to shoulder the entire blame.

The irony here is that in his rush to publicly be seen to respond to Russian hacking, Obama has sought to punish a female programmer working in cybersecurity. A key tenant of his presidency was to try and boost the participation of women in the tech industry with his own secret service agency the NSA employing hackers in their ongoing struggle to recruit real talent.

Not only is Shevchenko in a minority of women working in this area of programming but she has been extremely active in engaging in conferences and the open source community to develop and contribute software, knowledge and expertise. Alisa Shevchenko was also one of the founders of a community “hack space” Neuron Hackspace. None of this particularly suggested an idealogue dedicated to the hacking of the DNC.

Inadvertently perhaps, Obama has sent a clear message of the dangers for cybersecurity experts in becoming collateral damage in the political battles between the US, Russia and China. Just possibly, he has also just reinforced the extra dangers for women who stand out from the crowd?

In an additional irony, it may be that incoming US President Donald Trump will come to Shevchenko’s aid. He has indicated that he may reverse Obama’s sanctions against the Russians, especially if the Russians collaborate with the US against terrorism.

Authors: David Glance, Director of UWA Centre for Software Practice, University of Western Australia

Read more http://theconversation.com/why-did-us-president-obama-seek-to-punish-female-russian-hacker-alisa-shevchenko-71321


The Conversation


Closing the Gap Statement to Parliament

Mr Speaker, when we meet in this place, we are on Ngunnawal country. I give my thanks and pay my respects to our Ngunnawal elders, past, present and importantly emerging for our future. I honour...

Scott Morrison - avatar Scott Morrison

Prime Minister Interview with Alan Jones

ALAN JONES: Prime Minister, good morning.    PRIME MINISTER: Good morning, Alan.    JONES: I was just thinking last night when we're going to talk to you today, you must feel as though you've ...

News Company - avatar News Company

Prime Minister Bridget McKenzie press conference

PRIME MINISTER: Good afternoon everybody. The good news is that the Qantas flight is on its way to Wuhan and I want to thank everybody for their cooperation, particularly the Chinese Government as...

Scott Morrison - avatar Scott Morrison

Business News

Choosing the Right Coworking Space For Your Business

As the capital of Victoria in Australia, Melbourne is inhabited by millions of people and is known as one of the most liveable cities in the world. The latter is due to the city’s diverse community...

Sarah Williams - avatar Sarah Williams

What Should You Expect from A Carpentry Apprenticeship?

Those wanting to pursue a career in woodwork, whether it be to make furniture, construct buildings or repair existing wooden structures, will have to first commence a carpentry apprenticeship. This ...

News Company - avatar News Company

4 Tips To Choosing A Reliable SEO Company For Your Digital Marketing Agency

Working with a digital marketing agency Perth is the best bet in ensuring that your business is promoted well in the online space. If you are an app developer Perth, you may have to work closely wit...

News Company - avatar News Company


Travelling With Pets? Here Is What You Should Know

Only a pet parent can understand the dilemma one experiences while planning a vacation. Do you leave your pets at home?  Will you get a pet sitter or someone to take care of them while you are away?...

News Company - avatar News Company

How to Be a Smart Frugal Traveller

You are looking through Instagram, watching story after story of your followers overseas at a beach in Santorini, walking through the piazza in Italy, and eating a baguette in front of the Eiffel ...

News Company - avatar News Company


Graduation is the stage of life when a student receives the rewards of hard work of years. It must have taken sleepless nights and tiring days to achieve the task. Now, as you have received your cov...

News Company - avatar News Company