It sounds simple enough, but a fundamental concept in cybersecurity and digital forensics is the fact that it is sometimes extremely difficult after a cyberattack to definitively name a perpetrator.
Published WIRED magazine in relation to the hacker attribution problem we face in modern day cyberwarefare.
I did not plan on publishing my next chronicle for at least two weeks following my first installment of Law v. Hacker ‘X’ — which you can read here — so that I knew it set in and gained the exposure it deserved. I have been following this topic for a some time now and I could not resist the opportunity for my future friends, educators, and Googler’s to read about.
Six days after the U.S. intelligence chief, Dan Coats warned Americans of a “crippling cyber attack” (two decades after the Sept. 11 attacks), the Department of Justice released information giving mission for the Cyber Digital Task Force which was created in February.
Armed with fancy cover art and a table of contents, this report is nothing more than an expensive title for the many (known and unknown) three letter agencies who could not solve the problem before them.
In short, our friends Deputy Attorney General Rod Rosenstein and the Justice Department want to alert the public of cyberwarefare as “Exposing schemes to the public is an important way to neutralize them” — as if CNN was not prime at telling us anyone could buy a Facebook ad already.
When first starting my business, advisers warned me about including “fluff” into our various documents. Fluff is exactly what I think about when seeing all these reports appear courtesy of Rosenstein’s comments.
Subjectively speaking, it could be beneficial for the DOJ to be transparent on cyber related attacks, but his comes with the realization this is no more but simple hacker attribution. Are we going to forget the fact that the United States is a leader in nation-state hacking ourselves? What about the allegations that the DOJ is already holding back cyber-related information from congress?
Hacker attribution is one of the most challenging issues within cyber security and has been for many years. It’s nothing more than a far-fetched idea of attributing a form of cyber attack to the creator, his payload, and his target.
With DEFCON workshops now days, teaching kids to hack into exact replicas of Secretary of State election systems, does this transparent model make sense to announce to the public?
While not to fancy myself as the only critic, will America even accept this as news, or is it just that, “fluff”? Note: Dan Coat’s comments are not the first, or the last, we will ever hear of “the cyber of something”. Former Defense Secretary Leon E. Panetta alluded to a “Cyber-Pearl Harbor” in 2012.
In wake of this Cyber Digital Task Force, the “warning lights are blinking” and we still do not even know what type of attack we face — let alone focus on hacker attribution. How many more times are we going to read about this “crippling cyberattack on our critical infrastructure” without actually understanding what that will be?
The world of cyberwarefare goes beyond malware infected on the surface of election machines. What if we took into account the domestic abuse of our Internet of Things? We could see victims of destruction ranging from power plants to centralized banking.
In the end, is this really just one tree in a growing forest?
Share with me your thoughts and let me know what I should write about next.
I have released a new update to my website making it more organic for content consumption, contribution, and sponsorship. Be sure to check it out.
Written by Alec Ryncavage. Website | Twitter | LinkedIn
Law v. Hacker ‘X’ chronicles the political and legal landscape of cybersecurity. Stay tuned for more stories.