State Sponsored Hackers: Finding The Country Behind The Attack

Uploaded on 2016-10-04 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

Security experts don't just want to know how a cyberattack happens, but what country the attack is coming from.

Headlines about hacking incidents have become commonplace, particularly in the recent months leading up to the US Presidential election. Whether it's breaches of voter registration systems, the US Democratic National Committee, or the World Anti-Doping Agency, experts are feverishly trying to figure out who is behind the crimes.

More specifically, they want to know whether a sovereign state could be supporting those attacks. Lately, they especially want to know if it's Russia.

Experts say the WADA perpetrators were Russian hackers operating under the banner "Fancy Bear," with several US officials pointing fingers at the Russian government specifically.

Moscow has repeatedly denied involvement with that group and other international cyberattacks.

So how do experts assess whether a country could be behind a hacking operation? It's often simple economics. "I think that you can certainly make the argument that this group of repeat offenders, known as Tsar Team (Fancy Bear), is backed up by a government (allegedly Russian intelligence agencies), not only because of the substantial amount of money needed ... but also because of its level of coordination and sophistication," said Francesca Spidalieri, senior fellow for cyber leadership at the Pell Center for International Relations and Public Policy.

Other experts emphasize technological factors. Steve Grobman, CTO at Intel Security, told CNBC that a lot of the technology needed to execute an attack are available on the black market, for example, and are not necessarily all that expensive. "A better indication of who an attack can be attributed to," he said, "comes when you actually get to take a look at things like the source code and can understand the level of sophistication something was built with."

Grobman's team analyzed a portion of the technical forensics associated with the World Anti-Doping Agency attack and concluded that there was insufficient evidence to definitively point the finger at the Russian government.

"We investigated the technical details that were publicly available around the WADA hacking case and compared them against other technical indicators and TTPs [tactics, techniques and procedures] we have gathered over the years," he said. "The amount of available technical details combined with some similar TTPs are not enough evidence in our opinion to attribute this campaign to a certain group or state-sponsored operation."

Scott Borg, director and chief economist at US Cyber Consequences Unit, an independent, non-profit research institute, told CNBC that he's confident the attack was carried out by Russian groups tasked with spreading Russian President Vladimir Putin's political and military agenda.  "This is as certain as anything can ever be in the cyber realm," he said. 

Borg said the Russian government maintains close relationships with many hacker groups, and said it has a history of other cyber-attack campaigns designed to influence political outcomes, particularly in Eastern European countries.

Russia is widely blamed for a broad campaign of cyberattacks against Estonia in 2007, though some experts still question whether there's enough evidence to connect the Kremlin to that attack.

"The hacker groups that the Russian government employs to do its bidding range from consulting groups regularly hired by the Russian government to criminal enterprises with which the Russian government only has slight, arms-length contact," Borg said.

Borg cautioned, though, that just because he believes a nation state was responsible for these attacks does not mean infiltrating the systems themselves required the resources of a country's government.

Matthew Prince, CEO of internet security firm CloudFlare, told CNBC he is skeptical about claims that the Russian government is funding the latest spate of hacks. "The power of computers and of a single determined individual to be able to cause great harm, even if they are not well-financed, is pretty astonishing," he said.

The bottom line, said Bruce Schneier, security expert and CTO at Resilient, an IBM company, is that in terms of figuring out who's really behind a hack, "it's incredibly complicated."

"We do the best we can, but it's not great," Schneier said. "Attribution is just hard in cyber space."

CNBC:

 

« Drone-Visuality: The Psychology Of Killing
Difficult: Attracting Women To Cybersecurity »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

APWG

APWG

APWG is the international coalition unifying the global response to cybercrime across industry, government, law-enforcement and NGO communities.

Cross Identity

Cross Identity

Cross Identity (formerly Ilantus Technologies) is a complete IAM solution that is deep, comprehensive, and can be implemented even by non-IT persons.

IPCopper

IPCopper

IPCopper specializes in network packet capture appliances for cybersecurity, cybersurveillance and network monitoring, and encrypted data storage.

SentinelOne

SentinelOne

SentinelOne is a pioneer in delivering autonomous security for the endpoint, datacenter and cloud environments to help organizations secure their assets with speed and simplicity.

Cyberkov

Cyberkov

Cyberkov services include Pentesting, Vulnerability Assessments, Digital Forensics, Incident Response, Source Code Analysis and Security Training.

Nexusguard

Nexusguard

Nexusguard is at the forefront of the fight against malicious Internet attacks, protecting organizations worldwide from threats to their websites, services, and reputations.

SecureNinja

SecureNinja

SecureNinja provides professional training, certifications & professional services related to all facets of Information Technology and Cyber Security.

Proteus

Proteus

Proteus is an Information Security consulting firm specialized in Risk Analysis and Executive Control.

Morphus Information Security

Morphus Information Security

Morphus is an information security company providing Red Team, Blue Team and GRC services as well as conducting research in cybersecurity and threat analysis.

ACROS Security

ACROS Security

ACROS Security is a leading provider of security research, real penetration testing and code review for customers with the highest security requirements.

M2MD Technologies

M2MD Technologies

M2MD Technologies offers solutions optimized for cellular IoT that provide stronger security, reduced costs, enhanced user experience, and ultimately generates higher returns for stakeholders.

Intaso

Intaso

Intaso are a boutique head hunting and talent solution firm with specialist Cyber and Information Security expertise.

Cyber Octet

Cyber Octet

Cyber Octet is an IT Solution, Security, Training and Services company. We provide training and services from Web Application Security to ISO 27001 implementation.

Quantum Squint

Quantum Squint

Quantum Squint is a cutting-edge cybersecurity company specializing in the use of advanced regression management techniques to detect, analyze, and prevent vulnerabilities in digital systems.

AI EdgeLabs

AI EdgeLabs

AI EdgeLabs is a powerful and autonomous cybersecurity AI platform that helps security teams respond immediately to ongoing attacks and protect Edge/IoT infrastructures.

Norwegian Data Protection Authority (Datatilsynet)

Norwegian Data Protection Authority (Datatilsynet)

The Norwegian Data Protection Authority (Datatilsynet) is the national data protection authority for Norway.