Enhanced Attribution: An Engine To Identify Hackers
Pentagon researchers expect to initiate a new program by early 2018 to better identify hackers and cybercriminals. The “Enhanced Attribution Program” will enable the government to not only characterize an attacker, but also share a cybercriminal’s modus operandi with prospective victims, and predict where they will strike next.
"The idea is to not only look at the bullets but also the weapon," explained Angelos Keromytis, the program lead at the Defense Advanced Research Projects Agency (DARPA), referring to a hacker’s IT resources.
Defense officials plan to be able to tap into laptops as well as smartphones and other internet-enabled devices. By contrast, under current security protocols, hackers effectively mask or misdirect data to avoid detection by authorities.
The program seeks to mimic and recreate the criminal, to get ahead of their next move and potentially catch them at their next point of attack. Supposing that DARPA can produce technology capable of telegraphing attribution, the group faces another challenge: by apprehending a hacker or releasing warnings to the public, they may ultimately expose proprietary methods.
Keromytis has stated concern that sharing too much information about an adversary with the public may embolden others to find new ways to circumvent federal officials.
The US recently faced a similar challenge by indicting Iranian Revolutionary Guard hackers, explained NSA security scientist Dave Aitel. "By indicting these individuals the US government showed the world – and showed Iran – what it knows about the Iranian effort and this announcement reveals more than just what the US is able to attribute, it also signals what it does not know and cannot detect."
In the short term, Keromytis hopes that the new tech he is proposing may have beneficial applications against financial criminals and other forms of hacking. "That is my hope and it’s not an idle hope," he said.
DARPA expects that by the end of 2020 the system could accumulate sufficient data to nab "A-Team hackers," cybercriminals, or privateers, sponsored by governments.