Attributing a cyber-attack is at best problematic, attacks are on the increase and now exploiting the Internet of Things, there are suggestions of state on state actions. Philip Ingram from Security News Desk and SecurityMiddleEast.com elicits comment from cyber experts Guy O’Donnell from PGI and Pierluigi Paganini from securityaffairs.co.
Attributing a Cyber Attack
Cyber Attacks are on the increase and are exploiting the Internet of Things but also leading to suggestions of possible state on state actions. Attributing a cyber-attack is challenging, so Philip Ingram from Security News Desk and SecurityMiddleEast.com elicits comment from cyber experts Guy O’Donnell from Protection Group International (PGI) and Pierluigi Paganini from securityaffairs.co.
Guy O’Donnell introduced the issue, “Attribution, the practice of assigning responsibility for cyber activity to a specific actor or sponsor, is often characterised as an exercise of ‘informed’ guesswork. But it is perhaps better thought of as a challenging investigative process, the purpose of which is to reduce uncertainty. At the technical level, the proliferation of sophisticated encryption and anonymity techniques frustrate the process, while at the strategic level cyber actors will increasingly transmit disinformation, or conduct ‘false flag’ operations, as was the case in the TV5 monde attack.
This ambiguity can have profound implications for how countries will conduct foreign policy. For example, in the absence of defined norms of behaviour in cyberspace the established rules of engagement are less well-defined. Without firm attribution where does the ‘redline’ sit? Furthermore, if the public is expected to support government action, sufficient evidence will be required. Trust in intelligence agencies is however low, and releasing such information will undoubtedly reveal unique capabilities and access to an adversary. Options for responding to a cyber incident may therefore be principally defensive, at least in the short term.
But this does not mean cyber is confined to a zero-sum game. Even in the absence of firm attribution the threat of cyber operations can be used to exert influence; gauge an adversaries risk appetite; allow for psychological operations, all with a degree of plausible deniability. In short, it can be used as a form of ‘muscular diplomacy’, occupying the middle ground between military posturing and sabre-rattling rhetoric.”
Dyn Inc DDOS attack
Pierluigi Paganini, the owner of the award winning blog securityaffairs.co, talked of the attack against the US based Domain Name System (DNS) company Dyn Inc who provide an “address book for the internet,” that resulted in Pay Pal, Pinterest and Twitter amongst others suffering outages, “IT security experts have no doubts, hackers powered the massive DDoS attack with a huge botnet composed of IoT devices infected by the Mirai malware.
We are all trying to discover who is behind the attack. However, while the massive DDoS attack was creating the panic among netizens on the Internet, WikiLeaks invited its supporters to stop the offensive.”
He went on to write, “WikiLeaks confirmed that its supporters launched the massive DDoS attack to protest against the decision of the Ecuadorian government to cut off the Internet connection of the WikiLeaks founder Julian Assange due to the US Political election leaks.”
Then adding, “The hackers confirmed me that they started the massive attack against the Dyn DNS service, anyway, they were not alone. According to the NewWorldHacking, many other groups linked to the Anonymous collective participated in the attack. When I asked which Anon groups were involved they replied me that many crews targeted the Dyn DNS service.
“Anonymous, Pretty much all of Anonymous.” They told me that they are testing the capability of their botnet, highlighting that the DDoS attack against the Dyn DNS Service was carried with the Mirai botnet alongside with other booters.
Most interesting, he concluded, is their motivation, “Not only the Assange’s case, but said that the attack is also a message for the Russian Government. “If Russia is against the U.S we are against Russia. This is where we draw the line, we are sending a warning message to Russia “
Looking to wider US – Russian relations O’Donnell commented, “The recent deterioration of US-Russia relations, a facet of which has been escalating cyber breaches, neatly illustrates the posturing - sabre rattling middle ground. US Vice President Joe Biden’s recent statement on the possibility of cyberattacks against Russia wasn’t clear on the nature of the US response. If the threat of a US ‘clandestine’ cyberwar on Russia was serious, then it would not have been announced. Yet, the deterrent impact of any operation would be limited if it were kept completely secret.
Regardless of whether this is the last bastion from an administration soon to be replaced, the US will walk a difficult line in defining a response. Moreover, it demonstrates the utility of ‘muscular diplomacy’ to publicly voice discontent whilst sending a strong deterrent message to an adversary.”
Putting it together, Ingram concludes, “What is clear is attributing a cyberattack to one particular actor will remain challenging; that said cyberattacks are likely to continue or get worse. It is too easy to forget that cyberattacks are started in the physical world by a person and end up having an effect in the physical world on people. The means is via computer code and the environment the perpetrators manoeuvre through is a cyber environment. However, the reality is that these events are a physical security challenge and the traditional barriers between physical and IT Security must be bulldozed aside quickly.”