…or Anthem-inspired Amateur Attack Attribution Aid
Back when the Anthem breach was first being discussed (FUDdified) on Twitter, I spotted an informed, good-humoured and slightly weary-sounding exchange between Brian Honan, Professor Alan Woodward and Rowenna Fielding.
Prof Woodward kicked it off:
[Embedded tweet, status ID 563453074141118465]
Rowenna (insightful as always)…
[Embedded tweet, status ID 563604947418509312]
…before the good-natured cynicism kicked in from Brian and the Prof:
[Embedded tweet: https://twitter.com/BrianHonan/status/563627253591199745]
[Embedded tweet, status ID 563629019091197952]
[Embedded tweet, status ID 563629878223056896]
[Embedded tweet, status ID 563630607499272192]
[Embedded tweet, status ID 563631116075413504]
[Embedded tweet, status ID 563631419474575360]
So hopefully my amateur artwork at the top now makes sense…weeble – 3VIL? No? Ahh well.
Frustration at the attribution-go-round we see with all high-profile breaches
Sometimes muddied by corporate notification delay, hesitation about revealing details (understandable to some extent), or governments getting involved. More often opaque because attribution IS tough and many in-house and even consulting forensic investigators struggle.
Hardest of all to pin down, even when you’ve dug the digital depths, is motive. OK, sometimes it’s bleeding obvious, but when it’s not, most folk don’t have an in-house psychic. Closely followed by all the contributions to the kill chain made by accidents and coerced, poorly educated or just plain daft staff.
No-one in security enjoys reporting to an overexcited client or CXO with only half-baked theories, a new exploit logo and populist pap from the papers in hand.
Don’t get me wrong, please, take your time. But if you’re not someone working to find and verify facts, feel free to keep the high-profile ‘whodunnit’ hoo-ha to yourself. Not just to clear muddy waters, but (depending on your ethics and perspective) to avoid creating pain by irresponsibly flagging exploits and vulnerabilities to hordes of wannabes.
And now (as this is far from my core area of expertise) here is some very much less amateur advice and commentary:
- Schneier On Security – Attack attribution in cyberspace and Attributing the Sony hack
- TandFOnline (Tom Rid & Ben Buchanan) – Attributing cyber attacks and
- Digital Dao (Jeffrey Carr) – A critical review of Tom Rid and Ben Buchanan’s “Attributing Cyber Attacks”
- Uncommon Sense Security (Jack Daniel) – We need to talk about attribution
- Errata Security Blog (Robert Graham) – Explaining the Game of Sony Attribution and Sony hack was the work of SPECTRE
- Hacker Tradecraft (The Grugq) – Cyber Attribution In Cyber Conflicts. Cyber
- NATO Cooperative Cyber Defense Centre of Excellence (Jeffrey Carr) – Responsible Attribution: A Prerequisite for Accountability