Attributing “hack attacks” to specific nations is not reliable
Publicly pointing fingers at responsible parties may gain headlines, but it behooves the accuser to be right to retain credibility. In the high-profile attack two years ago on Sony Pictures Entertainment (SPE), President Obama and the Federal Bureau of Investigation squarely blamed North Korea for the assault that crippled the company’s operations for months. While Mandiant convinced the U.S. government and Sony that North Korea was the culprit, numerous security firms – including Kaspersky Lab and AlienVault, as well as a Novetta-led consortium calling themselves Operation Blockbuster – concluded attribution in this case was inherently unreliable and based on circumstantial evidence.
“While the infrastructure used in the SPE attack overlaps with infrastructure attributed to malicious cyberactivity linked to North Korea, previously malicious IP addresses are not necessarily still used by the same attackers,” the February 2016 Novetta report stated.
“Attribution is never definitive because with enough knowledge and preparation, a sophisticated adversary can masquerade as a different threat actor,” cautions James Scott, senior fellow at the Institute for Critical Infrastructure Technology (ICIT), a Washington, D.C.-based think tank.
A related issue is that in many instances, multiple attackers can get inside a network. For example, WikiLeaks says its source for the leaked John Podesta emails was not affiliated with Russia. Meanwhile, the US government insists that Russia hacked the Democratic National Committee systems.
Some in the news media suggest that someone is lying – yet both claims are likely true, as it is possible and even likely that multiple hackers entered the system (or, as WikiLeaks hints, their source was a DNC insider).
The US media and the US government are in near hysteria over allegations that Russian state actors hacked into US computer networks, while ignoring that the NSA does exactly this to government and private organizations worldwide, and even snooped on telephone conversations of allies such as German Chancellor Angela Merkel, or that in the 1950s US government agencies appeared to interfere in Central American governments specifically to benefit the United Fruit Company.
In today’s hysteria we have forgotten what we learned about our own nefarious actions a short time ago. The lesson should be to pay attention to security issues and to constantly work to monitor and secure our networks. Everyone is hacking everyone else!
My 4 blogs receive hundreds of hack attempts every single day – and my blogs are quite obscure! I use several layers of security measures and intend to soon add one more layer.