This #BezosHack is a great example of the stupidity that afflicts forensics. Once you make a hypothesis that can explain something, it becomes the only hypothesis. Everything explainable now has an explanation. The more you don't understand, the more the hypothesis is proven.
Bezos's security consultant started accusing Saudi Arabia back in March, before the FTI forensics got started.
thedailybeast.com/jeff-bezos-inv…
They started with a conclusion, their job wasn't to refute the conclusion, but to find evidence of it. It wasn't possible for them to produce a report saying "we find no evidence of this", even though they actually found no evidence.
They did find a bunch of things they couldn't explain, anomalies. But here's the thing: every forensics investigation finds anomalies they can't explain. The correct conclusion to draw from this is that the forensics isn't able to explain everything.
But when you start with the conclusion that the Saudis hacked the phone, then that would explain the anomalies. Thus, everything unexplainable becomes support for the conclusion.
In science, they call it "God in the gaps", where everything science can't explain is explained as "God did it". In cybersecurity, it's "hacker in the gaps", where everything unexplained becomes proof that a hacker did it.
Pretty much every forensics investigation I've done has required defending my conclusions from some idiot who tried to use the unexplainable to support their pet theory that explains it. This is especially true given corporate politics, which work just like this politics.
This @AgnesCallamard person from the U.N. doesn't care that the consensus of outside experts is that the FTI report shows no evidence. She's got a political ax to grind, so the FTI report is evidence.
Keep Current with Rob ☃️ Graham (not at Shmoocon this year)
