In cyberspace you don’t see your attacker (that’s why we don’t know who hacked Sony).

Our hawks (aka warmongers), with their loyal journalist-enablers, have sparked a new round of hysteria about North Korea’s cyber-attack on Sony. Kim Zetter at Wired gives a good analysis in “North Korea Almost Certainly Did Not Hack Sony”. The Hollywood Report cites insiders pointing to disgruntled current or former employees (Sony has many of both). To understand why we might never know the guilty party, see this post by Marcus Ranum from 2011: attribution of cyberattacks runs from difficult to impossible.

Cyberwar: About Attribution (identifying your attacker)

Summary:  Identifying the attacker is the key to modern military defense, so one can launch a reprisal or counter-strike.  But attributing cyberattacks is difficult because nothing in cyberspace has to look like anything familiar. How do you attribute a weapon that was created out of thin air and used by an enemy that has no physical location?  Links to other chapters of this series are at the end.


  1. Cyberspace, Novel Weapons, and Location Independence
  2. Technology, Language, Culture, and Cui Bono
  3. A Model For Attribution
  4. About the author
  5. For more information

(1)  Cyberspace, Novel Weapons, Location Independence

Cyberspace does have some unique attributes which are not mirrored in the real world, such as the nonexistence of “territory”. There is no “there” there. Some of the things we are accustomed to taking into account in warfare are missing: hostile forces do not need an ‘assembly zone’ that can be detected and watched. Nor do they have to cross ground — where they leave traces of the type that we’re used to dealing with.

Imagine if a hostile power was going to insert a covert operations team into a target area and wanted to be stealthy enough to achieve plausible deniability. In the past troops could be outfitted with uniforms that had been carefully scrubbed of clues to their origin, “sanitized” weapons, etc. Providing such kit was expensive and exacting work. Inserting them into a target, nowadays, would entail avoiding the ubiquitous video-surveillance cameras, providing false identities under which to travel, laundering funds for the operators, and then having an equally carefully scrubbed extraction plan.

In the real world, this kind of thing is expensive and complex. In cyberspace it is relatively easy and practically free. There are some caveats about the “easy and free” claim, depending on the quality of the defenses that are being attacked but — as we’ve been assured over and over again by our government’s own technical experts — our defenses, to put it bluntly, suck.
