Crossroads Blog | Institute National Security and Counterterrorism

anonymity, cyber attack, hackback

Dark Reading: Attribution and the False Flag Problem

FireEye released a new report detailing how victims of cyberattacks can use the specific methods employed in an attack to tie it to its perpetrator.  However, as Dark Reading reports, one major warning accompanies these suggestions: beware of false flags, which many believe occur daily.  As Kenneth Geers, a senior FireEye threat analyst, says:

At the nation-state level, computer forensics, reverse-engineering, and log-file analysis are only one part of cyber attribution.  Governments have human and signals intelligence, ‘hack backs,’ law enforcement, diplomacy, economic pressure, political incentives, and much more.  It’s easy to forget how big the national toolbox really is.

FireEye’s report also discusses the company’s analysis of Chinese malware, according to Dark Reading.  Looking at the inexpensive but effective methods employed by Chinese hackers, as well as attacks launched from Eastern Europe, pros like Professor Thomas Wingfield of the Marshall Center have reached this conclusion:

False flag operations and the very nature of the internet make tactical attribution a losing game.  However, strategic attribution—fusing all sources of intelligence on a potential threat—allows a much higher level of confidence and more options for the decision maker.  And strategic attribution begins and ends with geopolitical analysis.
