State Sponsored Hackers: Finding The Country Behind The Attack

Security experts don't just want to know how a cyberattack happens, but what country the attack is coming from.

Headlines about hacking incidents have become commonplace, particularly in the recent months leading up to the US Presidential election. Whether it's breaches of voter registration systems, the US Democratic National Committee, or the World Anti-Doping Agency, experts are feverishly trying to figure out who is behind the crimes.

More specifically, they want to know whether a sovereign state could be supporting those attacks. Lately, they especially want to know if it's Russia.

Experts say the WADA perpetrators were Russian hackers operating under the banner "Fancy Bear," with several US officials pointing fingers at the Russian government specifically.

Moscow has repeatedly denied involvement with that group and other international cyberattacks.

So how do experts assess whether a country could be behind a hacking operation? It's often simple economics. "I think that you can certainly make the argument that this group of repeat offenders, known as Tsar Team (Fancy Bear), is backed up by a government (allegedly Russian intelligence agencies), not only because of the substantial amount of money needed ... but also because of its level of coordination and sophistication," said Francesca Spidalieri, senior fellow for cyber leadership at the Pell Center for International Relations and Public Policy.

Other experts emphasize technological factors. Steve Grobman, CTO at Intel Security, told CNBC that a lot of the technology needed to execute an attack are available on the black market, for example, and are not necessarily all that expensive. "A better indication of who an attack can be attributed to," he said, "comes when you actually get to take a look at things like the source code and can understand the level of sophistication something was built with."

Grobman's team analyzed a portion of the technical forensics associated with the World Anti-Doping Agency attack and concluded that there was insufficient evidence to definitively point the finger at the Russian government.

"We investigated the technical details that were publicly available around the WADA hacking case and compared them against other technical indicators and TTPs [tactics, techniques and procedures] we have gathered over the years," he said. "The amount of available technical details combined with some similar TTPs are not enough evidence in our opinion to attribute this campaign to a certain group or state-sponsored operation."

Scott Borg, director and chief economist at US Cyber Consequences Unit, an independent, non-profit research institute, told CNBC that he's confident the attack was carried out by Russian groups tasked with spreading Russian President Vladimir Putin's political and military agenda.  "This is as certain as anything can ever be in the cyber realm," he said. 

Borg said the Russian government maintains close relationships with many hacker groups, and said it has a history of other cyber-attack campaigns designed to influence political outcomes, particularly in Eastern European countries.

Russia is widely blamed for a broad campaign of cyberattacks against Estonia in 2007, though some experts still question whether there's enough evidence to connect the Kremlin to that attack.

"The hacker groups that the Russian government employs to do its bidding range from consulting groups regularly hired by the Russian government to criminal enterprises with which the Russian government only has slight, arms-length contact," Borg said.

Borg cautioned, though, that just because he believes a nation state was responsible for these attacks does not mean infiltrating the systems themselves required the resources of a country's government.

Matthew Prince, CEO of internet security firm CloudFlare, told CNBC he is skeptical about claims that the Russian government is funding the latest spate of hacks. "The power of computers and of a single determined individual to be able to cause great harm, even if they are not well-financed, is pretty astonishing," he said.

The bottom line, said Bruce Schneier, security expert and CTO at Resilient, an IBM company, is that in terms of figuring out who's really behind a hack, "it's incredibly complicated."

"We do the best we can, but it's not great," Schneier said. "Attribution is just hard in cyber space."

CNBC:

 

« Drone-Visuality: The Psychology Of Killing
Difficult: Attracting Women To Cybersecurity »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Council of Europe - Cybercrime Programme Office (C-PROC)

Council of Europe - Cybercrime Programme Office (C-PROC)

The Cybercrime Programme Office of the Council of Europe is responsible for assisting countries worldwide in strengthening their legal systems capacity to respond to cybercrime

Bricata

Bricata

Bricata offers industry-leading IPS solutions for enterprise-wide threat prevention and unparalleled situational awareness.

Grimm Cyber

Grimm Cyber

GRIMM makes the world a more secure place by increasing the cyber resiliency of our client’s systems, networks, and products.

NRD Cyber Security

NRD Cyber Security

NRD Cyber Security create a secure digital environment for countries, governments, and organisations and implement cybersecurity resilience enhancement projects around the world.

Compnet

Compnet

Compnet is a service company that assists customers in integrating complete ICT systems including network infrastructure and security solutions.

Fraud.com

Fraud.com

Fraud.com ensures trust at every step of the customer's digital journey; this complete end-to-end protection delivers unified identity, authentication and fraud detection and prevention.

GroupSense

GroupSense

GroupSense helps governments and enterprises take control of digital risk with cyber reconnaissance, counterintelligence and monitoring for breached credentials.

Nu Quantum

Nu Quantum

Nu Quantum is developing quantum photonics hardware to power the quantum revolution in communications, sensing and computing.

River Loop Security

River Loop Security

River Loop Security specialize in solving complex cybersecurity challenges in the IoT and embedded devices space.

Camel Secure

Camel Secure

Camel Secure is a company specialized in the development of products for information security and technology risk management.

Internet Security Research Group (ISRG)

Internet Security Research Group (ISRG)

ISRG's mission is to reduce financial, technological, and educational barriers to secure communication over the Internet.

Oman Data Park

Oman Data Park

The Data Park is Oman’s premier IT Managed Services provider. We offer a superior Tier 3 Data Center network providing cyber security and cloud services.

Central Intelligence Agency (CIA)

Central Intelligence Agency (CIA)

The CIA is an independent agency responsible for providing national security intelligence to senior US policymakers. This includes cyber security related activities.

Cybersecurity Dubai

Cybersecurity Dubai

Protect your business from cyber-attacks with Cybersecurity Dubai, your partner in online security solutions.

Infisign

Infisign

Infisign addresses the challenges of traditional IAM systems and offers a comprehensive solution for modern identity management.

NSW IT Support

NSW IT Support

NSW IT Support: Your exclusive hub for comprehensive Business IT services in Sydney. Our skilled team ensures seamless technology solutions nationwide, consistently delivering top-tier IT support.