Corporate security

A5 Guide To Cyber Attack Attribution

…or Anthem-inspired Amateur Attack Attribution Aid

Back when the Anthem breach was first being discussed (FUDdified) on Twitter, I spotted an informed, good-humoured and slightly weary-sounding exchange between Brian Honan, Professor Alan Woodward and Rowenna Fielding.

Prof Woodward kicked it off:

Rowenna (insightful as always)…

…before the good-natured cynicism kicked in from Brian and the Prof:

So hopefully my amateur artwork at the top now makes sense…weeble – 3VIL? No? Ahh well.

Frustration at the attribution-go-round we see with all high-profile breaches

Sometimes muddied by corporate notification delay, hesitation about revealing details (understandable to some extent), or governments getting involved. More often opaque because attribution IS tough and many in-house and even consulting forensic investigators struggle.

Hardest of all to pin down, even when you’ve dug the digital depths, is motive. Ok, sometimes it’s bleeding obvious, but when it’s not, most folk don’t have an in-house psychic. Closely followed by all the contributions to the kill chain made by accidents and coerced, poorly educated or just plain daft staff.

No-one in security enjoys reporting to an overexcited client or CXO with only half-baked theories, a new exploit logo and populist pap from the papers in hand.

Don’t get me wrong, please, take your time. But if you’re not someone working to find and verify facts, feel free to keep the high-profile ‘whodunnit’ hoo-ha to yourself. Not just to clear muddy waters, but (depending on your ethics and perspective) to avoid creating pain by irresponsibly flagging exploits and vulnerabilities to hordes of wannabes.

And now (as this is far from my core area of expertise) here is some very much less amateur advice and commentary:
