The development of any attribution documentation for cyber-related attacks begins with reviewing all available information, from collected digital evidence to any other pertinent facts found. While the topic is broad in nature, we will review a cyber attack that appeared to be perpetrated from allied countries and third-world countries but, after further investigation, was found to be a state-sponsored attempt. Attribution of the attack will be examined, along with how the attribution was clarified.
Think of attribution in terms of a playground fight, where a teacher breaks up two students and asks both those involved and the witnesses, “Who started this?” This is our very first attempt at attribution. When looking at attribution, we begin by looking at Advanced Persistent Threats (APTs): the scale and resources are assessed, and then the best incident response is determined, evaluated and correlated against possible previous or known attacks. Identifying and knowing the malicious users behind any attack is important; it means understanding whether the attacker is a teenager just proving his or her capability or a nation state proving its superiority.
Whether it is a single person angry about not getting the job they wanted, like Todd Gori, who was sentenced to 37 months in prison for threatening a cyber attack against a healthcare software company, or Kamyar Jahanrakhshan of Seattle, who was charged with extortion, such individuals can and will be attack vectors to be exploited. Regardless of the medium, cyber extortion will remain a persistent threat as long as cybercriminals find it lucrative. However, cybercriminals don’t usually demand employment at the company they attack. Earlier this year, Kamyar Jahanrakhshan, of Seattle, was charged with extortion after the FBI claimed he launched a cyber attack against Leagle[.]com and several other media companies after the companies refused to remove a link to court documents involving him from their sites.
The attack on Estonia is a case in point: without enough data collected, it can only be summarized that location was only part of the attack. When looking at different groups, possible motives are also deemed necessary evidence, whether the cause is a nation state or a personal one. Looking at the offending users, it also appears that private citizens were involved, which only shows that their actions will be even more difficult to prove. Any nation attacked by this possible group would need to prove that the private citizens received direct instructions from the nation state, not to mention account for the sophisticated malware that was used in the attack. Looking at the NSA documentation released to the public, the attack itself was treated as espionage, but not as an act of war. Currently, neither the United States nor nations abroad have a legal definition of an act of war in regards to cyber attacks, or of the potential use of force in reaction. The attacks lasted months and targeted public infrastructure, with severe effects on both government and civilian daily life. Malicious users were using servers in numerous countries to perpetrate the attacks, making it increasingly difficult to gather evidence.
This was the first instance where a nation was attacked on this scale. Security researchers even believed this to be a testing ground or precursor to the attack on the Democratic National Committee by a hacker known as Guccifer 2.0. United States investigators identified Guccifer 2.0 as a particular GRU officer working out of the agency’s headquarters on Grizodubovoy Street in Moscow. Guccifer 2.0 previously claimed responsibility for high-profile hacks of political entities, including the Democratic National Committee (DNC) and the Democratic Congressional Campaign Committee (DCCC).
However, again, since the majority of the evidence is never released or evaluated by a neutral third party, we can only summarize what we are told by the government and what is gathered through the open source intelligence methods that security researchers employ.
Numerous factors are to be considered when looking at possible nation state cyber attacks: the physical effects and severity of such attacks, possible proliferation, validity, and directness. A botnet was seen and monitored; however, there was no physical damage involved, and no evidence reflects that the power plant in the United States was the intended target when looking at the malware. The vulnerabilities exploited did not align with what the malware was capable of doing. Looking at the line the attack followed, examining the infrastructure of the other, smaller countries that was used to route the attack is warranted, and they should have no reason not to comply since they are United States allies. Doing so allows a proper response toward Estonia, and a way to protect other smaller nations in the future when such an attack happens.