Profile picture
, 8 tweets, 2 min read
My Authors
Read all threads
This #BezosHack is a great example of the stupidity that afflicts forensics. Once you make a hypothesis that can explain something, it becomes the only hypothesis. Everything explainable now has an explanation. The more you don't understand, the more the hypothesis is proven.
Bezos's security consultant started accusing Saudi Arabia back in March, before the FTI forensics got started.
thedailybeast.com/jeff-bezos-inv…
They started with a conclusion, their job wasn't to refute the conclusion, but to find evidence of it. It wasn't possible for them to produce a report saying "we find no evidence of this", even though they actually found no evidence.
They did find a bunch of things they couldn't explain, anomalies. But here's the thing: every forensics investigation finds anomalies they can't explain. The correct conclusion to draw from this is that the forensics isn't able to explain everything.
But when you start with the conclusion that the Saudi's hacked the phone, then that would explain the anomalies. Thus, everything unexplainable becomes support for the conclusion.
In science, they call it "God in the gaps", where everything science can't explain is explained as "God did it". In cybersecurity, it's "hacker in the gaps", where everything unexplained becomes proof that a hacker did it.
Pretty much every forensics investigation I've done has required defending my conclusions from some idiot who tried to use the unexplainable to support their pet theory that explains it. This is especially true given corporate politics, which work just like this politics.
This @AgnesCallamard person from the U.N. doesn't care that consensus of outside experts is that the FTI report shows no evidence. She's got a political ax to grind, so the FTI report is evidence.
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Rob ☃️ Graham (not at Shmoocon this year)

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#BezosHack

More from @ErrataRob see all

Profile picture
Rob ☃️ Graham (not at Shmoocon this year)
@ErrataRob
The Democrats stress that the failure of their Iowa Caucus app was not due to a "hack or intrusion". This is a purely arbitrary statement. I means they want people to believe that there's no hack or intrusion.
I mean, there probably was no hack. What I'm describing here is how people treat anomalies. We saw in the "Saudis hack Bezos" story how anything unexplained was explained by their predetermined theory, and thus, was "evidence" of that theory.
The same thing is going on here. They want not to have been hacked, so anomalies are explained as programmer failure.
Read 4 tweets
Profile picture
Rob ☃️ Graham (not at Shmoocon this year)
@ErrataRob
Attorneys won't provide legal advice for free or for a small fee, doctors won't look at your kid's rash, and really, cybersecurity professionals shouldn't be looking at people's computers.
One reason is the risk of being sued when there's a mistake -- you are asking them to accept a considerable financial risk for free.

The second reason is the a high chance of a mistake.
Let's ask a lawyer "Is port scanning legal?". What I don't tell them is that I'm running nmap with a script that also automatically logs onto the system, so when I get arrested for CFAA violations, I sue the lawyer who told me it was legal for legal malpractice.
Read 10 tweets
Profile picture
Rob ☃️ Graham (not at Shmoocon this year)
@ErrataRob
At some point we have to call this "Saudi hacks Bezos" story "fake news". It's debunked, yet the media still pushes it. Sure, this story does point out it's purely "circumstantial', but then goes on to treat as almost certainly true.
As, as my non-technical and technical deep dives demonstrate, the FTI report contains no evidence of a hack. It's a conspiracy theory that treats things the investigators don't understand as evidence -- much like UFO believers.
blog.erratasec.com/2020/01/theres…
By "at some point" I mean, maybe not initially, when breaking news is always problematic. I mean a week later after people have had time to digest the story and fact check it, finding problems, and it's STILL treated as fact.
Read 8 tweets

Related threads

Profile picture
Filomena Rocha
@Filomen03258997
3.🗣️📢Alert World leaders, citizens of the world, is attempting a coup d'état in #Bolivia.
🗣️📢Do not let that happen.
🗣️📢Evo Morales is one of the great leaders of the 21st century.
🗣️📢Protect democracy
🗣️📢Protect Bolivia
#regimechange #ProtectBolivia #ProtectDemocracy
1. 🗣️📢Alert World leaders, citizens of the world, is attempting a coup d'état in #Bolivia.
🗣️📢Do not let that happen.
🗣️📢Evo Morales is one of the great leaders of the 21st century.
🗣️📢Protect democracy
🗣️📢Protect Bolivia
threadreaderapp.com/thread/1187148…
2. 🗣️📢Alert World leaders, citizens of the world, is attempting a coup d'état in #Bolivia.
🗣️📢Do not let that happen.
🗣️📢Evo Morales is one of the great leaders of the 21st century.
🗣️📢Protect democracy
🗣️📢Protect Bolivia
threadreaderapp.com/thread/1191853…
Read 304 tweets
Profile picture
Xinqi Su
@XinqiSu
#NOW in Tsim Sha Tsui, umbrella-holding protesters have occupied Salisbury Rd and walked into Nathan Road. Not a huge crowd but many are waiting along roads from TST pier.
Cantonese is difficult but not too difficult
@ Nathan Rd, Tsim Sha Tsui
Hold it tight when storm looms - protesting couples in #AntiMaskBan march in Tsim Sha Tsui.
Chan Ka-ming, a pro-democracy district council candidate, is chanting slogan at a TST station exit on Nathan Rd.
Read 34 tweets
Profile picture
Vintage Threads ⏳ IG: Vintagexpast
@vintagexpost
How Disney Blew The Fuck Up: A Thread
Disney became so powerful that he controlled the minds of children across the world.

Today, Disney literally owns everything... Disney even owns me. When you look at my ass it’s branded “Disney Coporations”.

We’re going to *attempt* to dive into how this nightmare happened
We’re also going to attempt to understand how a company that was so blatantly racist continues to be forgiven time and time again
Read 214 tweets
Profile picture
Wendi C. Thomas
@wendi_c_thomas
Day 3 of the Memphis police surveillance trial set to begin in federal court soon. @mem_police Director Mike Rallings will testify first. Follow me on Twitter at @wendi_c_thomas for updates throughout the day. #MLK50
To catch up, check out @DanielConnolly @memphisnews story: commercialappeal.com/story/news/201…
That’s not a cause for concern at all. The top of @DanielConnolly story from Day 2.
Read 132 tweets

Trending hashtags

#HongKong #ALTO #10Nov #PropagandaWars #ElMundoEstaConEvo #HongKongProtest #HDCA2019 #Cameroon #USA #RegimeChangeDeluxe #opposition #HongKongProtests #Immoral #BBCAfricaEye #GolpeDeEstadoEnBolivia #WarCriminals #NOW #LittleRock #terrorism #CIA #Israel #Mexico #Now #terrorists #EvoElMundoContigo
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!