Whodunit? In cybercrime, attribution is not easy

Taylor Armerding | Feb. 10, 2015
"Whodunit" is essential to solving crimes. You can't make an arrest or prosecute a crime if you don't even know who committed it.

"It's hard to say that anything coming from a machine that's been 'hacked to pieces' by multiple parties can definitively be attributed to anyone," he wrote.

And recent revelations have given more ammunition to the skeptics.

Carr's firm, Taia Global, announced just a week ago in a paper titled, "The Sony Breach: From Russia, No Love," that it had credible evidence that a team of Russian hackers had not only gained access to SPE in late 2014, but were still inside the company's network.

Taia said it was possible that the Russian attack was separate from the North Koreans, or that North Korea was telling the truth when it denied the attack, and, "that other hackers did, and at least one or more of those that did were Russian."

Taia relied on what it called, "a trusted Russian contact," a black-hat hacker who uses the alias "Yama Tough," who had served time in U.S. prison for cyber crimes and was deported to Russia upon his release.

Yama Tough made contact with someone he said was a member of the team that hacked SPE, and provided Taia with documents and emails different from those that had already been made public -- one of them as late as Jan. 23.

That, the Taia report said, means SPE, "is still in a state of breach ... Yama Tough's Russian source appears to have at-will access to the company."

Carr, asked if his firm's report undermines his assertion that good attribution is next to impossible, said it was the human element that clinched it.

"When someone knocks on your door and hands you an envelope, assuming that you aren't blind, attribution is pretty easy," he said, adding that while he didn't trust Yama Tough in the beginning, "over time he has earned my trust by delivering lots of solid data to me."

Stewart, in a brief email interview, said the Taia revelation is, "interesting but doesn't draw the North Korea attribution into question."

Whatever the level of attribution accuracy, experts say it is well worth continuing to try to get it right. Harding said while the U.S. cannot prosecute state-sponsored hackers in China for espionage, it should affect the relationship between the two countries.

"It is almost impossible to quantify the amount of intellectual property stolen from U.S. servers," he said. "It is on a scale that defies belief."
