Cyber Attribution

The idea of Cyber Attribution is nothing new. This simply means attributing an attack to a specific group or individual.

This becomes harder when the attack comes from someone who hides their tracks by covering them up with another group's cyber signature, language, methods, etc. Some of the most notable examples are Stuxnet and Shamoon.

Many people wondered "Who did this?" during both of these events, but that question was never answered until recently, with the release of some documents by Edward Snowden which point towards yet another revelation in 2013: the United States Government has been working on software (with codenames like EgotisticalGiraffe) designed specifically to mimic other Governments' malware signatures in order to make them think they are attacking that Government.

This is known as an act of Cyber False Flagging, which has also been called the "Second 9/11". The idea behind this is that you make it look like your enemies are attacking you so the people rise up and call for war against them. This may seem crazy to some people, but there actually was a bill proposed in Congress last year (HR 367) to completely do away with the US's responsibility to be first responders during cyber attacks.

So now that we have all these facts about Cyber Attribution, let's talk about what makes this concept complicated: you don't know who everyone is or what their motivations are, and sometimes it takes years just to figure out whether two groups are really one group pretending to be two separate ones or are actually two different groups.

Sometimes the answer lies in the lies that you tell yourself, sometimes it happens without anyone realizing what happened, and sometimes it reveals itself when no one is looking for it.

It's true that attribution can be hard, but there are some things to know about Cyber Attribution. If you want to know whether an act of cyberwarfare was done by a specific group, there are certain aspects of evidence you must look at:
· Technical Evidence (programs used, time frames involved, etc.)
· Logistical Evidence (where did funding come from? Where did the attack take place?)
· Psychological Evidence (what language was used in the message at hand? What is their known personality like?)
· Digital Evidence (how did the groups communicate and share information before this incident?)
If you can prove each of these elements, then you'll have a better case for attribution. For example: let's say your entire power grid goes down at 8:00 AM on a Tuesday and we know that hackers from Eastern Europe were using Russian language to talk to other countries in Eastern Europe during the time frames involved, so… chances are it was Russia who did it.

Attribution isn't always black and white though. Sometimes there are gray areas where nations go against others covertly to help achieve their goals without anyone knowing about it, or even if they know about it. There are also cases where two groups may seem like they're working together but they're actually not, because one group wants everyone to think that they are.

Sometimes the line gets blurred because of how much the Internet is used to mask identities, and other times it can be blurry just because someone doesn't want to admit what happened, so you don't find all the answers right away. As long as there's Cyber False Flagging in this world you will never have perfect attribution… ever!
