Cyber Attribution
Download as PPTX, PDF0 likes49 views
Cyber attribution is the process of identifying the source of a cyber attack, which can be complicated by tactics like false flagging, where one group disguises its actions as those of another. Recent revelations indicate that the U.S. government has developed software to mimic other nations' malware, potentially to provoke conflict. Accurate attribution relies on various types of evidence, and the inherent complexities of cyber operations mean that definitive answers are often elusive.
Cyber Attribution
- 2. The idea of Cyber Attribution is nothing new. This simply means attributing an attack to a specific group or individual.
- 3. This becomes harder when the attack comes from someone who hides their tracks by covering it up with another group's cyber signature, language, methods, etc. Some of the most notable examples are Stuxnet and Shamoon.
- 4. Many people wondered "Who did this?" during both of these events, but that question was never answered until recently with the release of some documents by Edward Snowden which point towards yet another revelation inside of 2013: The United States Government has been working on software (with codenames like EgotisticalGiraffe) designed to specifically mimic other Governments' malware signatures in order to make them think they are attacking that Government.
- 5. This is known as an act of Cyber False Flagging, which has also been called the "Second 9/11". The idea behind this is that you make it look like your enemies are attacking you so the people rise up and call for war against them. This may seem crazy to some people but there actually was a bill proposed in Congress last year ( HR 367 ) to completely do away with the US's responsibility to be first responders during cyber attacks.
- 6. So now that we have all these facts about Cyber Attribution let's talk about what makes this concept complicated: You don't know who everyone is or what their motivations are, sometimes it takes years just to figure out if two groups are really one group pretending to be two separate ones or if they are actually two different groups.
- 7. Sometimes the answer lies in the lies that you tell yourself, sometimes it happens without anyone realizing what happened, and sometimes it reveals itself when no one is looking for it.
- 8. It's true that attribution can be hard, but there are some things to know about Cyber Attribution . If you want to know if an act of cyberwarfare was done by a specific group there are certain aspects of evidence you must look at:
- 9. Technical Evidence (programs used, time frames involved, etc.) · Logistical Evidence (where did funding come from? Where did the attack take place?) · Psychological Evidence (what language was used in the message at hand? What is their known personality like?) · Digital Evidence (how did the groups communicate and share information before this incident?)
- 10. If you can prove each of these elements, then you'll have a better case for attribution. For example: let's say your entire power grid goes down at 8:00AM on a Tuesday and we know that hackers from Eastern Europe were using Russian language to talk to other countries in Eastern Europe during the time frames involved so… chances are it was Russia who did it.
- 11. Attribution isn't always black and white though. Sometimes there are gray areas where nations go against others covertly to help achieve their goals without anyone knowing about it or even if they know about it. There are also cases where two groups may seem like they're working together but they're actually not, because one group wants everyone to think that they are.
- 12. Sometimes the line gets blurred because of how much the Internet is used to mask identities and other times it can be blurry just because someone doesn't want to admit what happened so you don't find all the answers right away. As long as there's Cyber False Flagging in this world you will never have perfect attribution… ever!