When nation states attribute an incident to a particular group or another country, some of their evidence is often left out of public view for reasons of national security. The United Kingdom’s decision to publicly attribute this incident is significant, as the UK has previously stated that it, and its allies, will not tolerate malicious cyber activity. The Russian press secretary responded, stating that they “categorically reject such accusations, we consider them to be unsubstantiated, groundless, and, in fact, it’s nothing more than the continuation of such a Russophobes campaign, which is not based on any evidence.” The United States government does not often attribute cyber activity, but when it does so officially, it usually does so with a range of credible information beyond technical intelligence. Additionally, it is not unusual for North Korea to issue harsh rhetoric in response to statements by Washington and/or Seoul. Kremlin-sponsored cyber actors APT28 (or Fancy Bear, named by Symantec) were publicly accused of US election meddling and critical infrastructure targeting in sanctions issued last week by the Department of Treasury. While the US, UK, and others have publicly accused the Kremlin of such activities, there is no indication that the Russian government intends to slow down or halt these campaigns, as they have been wildly successful in advancing Russia’s interests globally. It is attributions like these, developed and analyzed only by governments, that leave numerous security researchers baffled that the evidence is not, at the very least, made available to a third party for verification.
Because attribution methods go unchecked, companies are hurt drastically as well. Consider Huawei and ZTE: concerns about both companies are not new. A 2012 House Intelligence Committee report identified both companies as a national security threat, encouraging private companies to consider the long-term security risks of doing business with either Huawei or ZTE. Even the applications we download to our phones can be exploited, both in state-sponsored attacks and by private citizens. Anyone can submit applications to the stores for anyone to download without any oversight. Notoriously, the Google Play Store is plagued with applications that can be leveraged for attacks, without anyone knowing who uploaded them for public consumption.
While most apps appear to be in the Google Play Store, it was noted that some were on Apple’s App Store as well. Analyst Comment: This revelation is the latest in an ongoing conspiracy theory that tech giants (like Facebook) secretly listen in on conversations in order to offer up relevant ads. Whether the conspiracy is true or not, the security researchers encourage all users to regularly audit the privacy settings on their mobile devices and on the apps installed on those devices.
The data a company collects on its users can also serve as attribution evidence. Take Strava, for instance, a fitness social network that allowed users to share their running routes and times. To the everyday user this is great, because you can find new routes from friends. From a military perspective, however, a nation state could see military layouts based on heat maps. The greatest risk factor introduced by the Strava global heat map is that military and diplomatic users in high danger zones do not have anonymized data. Strava’s platform aggregates over a billion activities that can be exploited by malicious actors to gain tactical information such as the geolocation and route timetables of high value assets. This kind of data may not seem serious to the everyday user, but to a nation state it is another data point that can help identify the best area to target in order to cripple lesser or stronger nation states.
The Global Commission on the Stability of Cyberspace (GCSC) is currently working on two things: a definition of an online non-aggression pact, and a definition of what should not be attacked in a cyberwar. The group recently agreed on the wording “public core of the internet” to describe the online resources that should be out of bounds for state-conducted cyber attacks.
Numerous experts agree that cyberspace does not need a governing body of law: “application of international law to cyber activities is accordingly a matter of identifying the relevant legal principles that bear on the person, place, object, or type of activity in question” (Schmitt, Michael N.). While no one government can measure how a society could be free from cyber attacks, nations can invest more in preventive measures and the resources associated with their protection. However, it is also important to be mindful that any laws need to be responsive to current trends in technology and not become severely outdated.