"We do not make this allegation lightly," President Donald Trump's assistant for homeland security and counterterrorism, Thomas Bossert, wrote in a Wall Street Journal op-ed on Tuesday. "It is based on evidence. We are not alone with our findings, either. Other governments and private companies agree. The United Kingdom attributes the attack to North Korea, and Microsoft traced the attack to cyber affiliates of the North Korean government."
That may be true, but he doesn't cite the evidence. Neither did UK Security Minister Ben Wallace and Microsoft President Brad Smith. As usual in such cases, some cybersecurity researchers have argued against the attribution. For example, business intelligence firm Flashpoint has suggested, based on linguistic analysis of the language versions of the ransom note that appeared on infected computers' screens, that the original was written in Chinese, not Korean, suggesting Chinese involvement.
Usually, technical attribution judgments are based on a combination of two factors: Similarities with other attacks (the use of similar software or the same attack servers, timestamps on the malware that suggest regular working hours in a certain time zone) and a basic understanding of commercial or geopolitical motive. For example, the 2014 Sony hack was linked to North Korea because some of the code and attack infrastructure were similar to those used in an earlier hack of South Korean banks, and because North Korea had a clear motive - to punish Sony for its intention to release a comedy mocking Kim Jong-un. Similarly, last year's Democratic National Committee hack has been linked to a Russian "advanced persistent threat," or hacking organisation, based on the malware, the use of a server that was also involved in an earlier attack on the German parliament, and the alleged group's target list that maps well onto Russia's geopolitical interests.
In an excellent summary of recent attribution cases and methods, Klaus-Peter Saalbach of Osnabrueck University in Germany argued that impersonating an "advanced persistent threat" for a false-flag operation is a tough proposition. "It is difficult to mimic the attack of an APT even when the malware of the respective hacker group is available on the black market," Saalbach wrote. "The attacker needs to be aware that the cyber security companies do not present their full knowledge to the public, that the intelligence of [a] state may also know more about the usage and of course the original hacker group knows their malware better than others."
Still, such an impersonation is all but impossible to rule out. As the RAND Corporation wrote in a report this year: "Sophisticated adversaries that want to avoid attribution will carefully dedicate resources to deploy false indicators and cast suspicion on other parties. For example, the Russian-speaking actor associated with the Cloud Atlas APT used a document written on a native Spanish-speaker's computer and incorporated Arabic strings, Hindi characters, and rotated IP addresses - probably to complicate attribution. It is conceivable that each of the indicators utilised in attribution could be manipulated in a way to delay or completely avert attribution."
The temptation for bad actors to go to the trouble is huge, what with the great powers engaged in a cool war, and the tools they use periodically leaking out. WannaCry used a National Security Agency-discovered vulnerability in the Windows operating system. It's especially difficult to make a meaningful attribution when technical and geopolitical elements don't quite align. For example, Russia was the country hardest hit by WannaCry, with Ukraine, India and Taiwan also suffering much damage. The last thing North Korea wants to do is hurt Russia, however: It's the most dovish of the great powers on the North Korean regime. Nor does it have a fight to pick with India or Ukraine.
It's easy for the US to accuse its adversaries of cyberattacks. Nobody believes the denials, and the accusations often serve domestic political purposes. In the case of North Korea, they underscore the Trump administration's political priorities; in Russia's case, those of its rivals. Blaming China, with which the US has more of a constructive relationship, is more problematic. Though some in the cybersecurity community have faulted China for the Office of Personnel Management hack, in which the personal data of millions of US government employees were stolen, neither the White House nor the intelligence community has come out with accusations. A group of alleged Chinese hackers was recently indicted for breaching three companies, but no Chinese government involvement was mentioned in the indictment and personal gain was named as the motive.
So all the public has by way of evidence is the educated guesses of cybersecurity firms. There's a problem with them, though.
Earlier this year, CrowdStrike, the firm responsible for the initial attribution of the DNC hack, was forced to rewrite a report that claimed a Russian hack of a Ukrainian artillery application caused heavy military losses.
It's not inconceivable that attack attribution can, in extreme cases, mean the difference between war and peace. Even in less extreme ones, it can sully relationships between countries. It's a serious matter - but it is now the domain of government spokespeople expecting to be taken on trust and cybersecurity companies with their conflicts of interest and failures of execution. In its report, RAND recommends the creation of an independent international body, perhaps financed by top tech companies, that would work out a set of attribution rules and apply them to analysis of high-profile breaches, followed by a peer review process.
Such attribution judgments wouldn't be 100 per cent reliable, and spies would still hold their non-technical evidence close to the chest, but at least there would be more certainty for the general public that political biases and commercial considerations are accounted for. It's something to wish for in 2018: High-profile breaches will continue, and accurate attribution will be ever more important.
- Bloomberg