A new report has called into question the rash of accusations against Russia. James Scott Sr, a fellow at the Institute of Critical Infrastructure Technology (ICIT), notes that attribution is not only a tricky game but also far less sophisticated in practice than we might expect.
Western systems just aren't strong enough to withstand compromise from the variety of hacktivists, script kiddies, APTs and cyber-criminals arrayed against them. Furthermore, incident response techniques are by no means “comprehensive or holistic enough to definitively attribute an incident to a specific threat actor”, he said.
Scott agrees with some of the basic assumptions that have been made about the recent hacks surrounding the US election: “It would be easy to baselessly declare that all of the attacks were launched by Russia based on the malware employed; however, other threat actors such as Anonymous, Comment Crew, Desert Falcon, etc. could easily emulate the tools, tactics, and procedures of a Russian nation-state APT attack.”
Furthermore, as the author notes, artificially implicating ‘Russia’ in a cyber-crime, however grave, is rather easy: “It's common knowledge among even script kiddies that all one needs to do is compromise a system geolocated in Russia (ideally in a government office) and use it as a beachhead for attack so that indicators of compromise lead back to Russia.” In fact, adds Scott, “This process is so common and simple that it's virtually ‘Script Kiddie 101’ among malicious cyber upstarts.”
If the hacks on the Democratic National Committee (DNC) showed anything, it was that even some of the greatest centres of power within the USA were not secure – and possibly still aren't.
Attribution would be more reliable, he said, if the DNC were better protected, but it fell foul of a relatively trivial problem: a badly secured mail server. On top of that, the malware used could have been quite easily bought in a darkweb marketplace. All of this is not to mention the fact that the DNC would be a great target for just about any cyber-threat out there.
Upon discovering a major breach or criminal group, fingers will often point towards Russia, not only because it is an apparent haven for cyber-criminals but also because of the Kremlin's interest in cyberwarfare. The same was true recently when breaches of key figures within not only the Clinton presidential campaign but also the DNC led to huge embarrassment for large portions of the American political establishment. It also gave an apparent boost to Clinton's rival, Donald Trump, who won the American presidency last month.
The US intelligence community recently said that it believes groups close to the Russian government to be behind this series of breaches. The revelation was quickly followed by an announcement from incumbent President Barack Obama that the US would be taking retaliatory action.
Vince Warrington, cyber lead at the Financial Conduct Authority, said that just because all the evidence hasn't been publicly disclosed, it doesn't mean that everyone is just as clueless: “It would not surprise me in the least if the NSA knew exactly who undertook the various attacks, but for obvious reasons they chose to remain quiet on how that knowledge is acquired.”
While the hack against the DNC was not a sophisticated one, motivation plays an important part. If anyone could have hacked into the DNC, then why didn't they, asked Warrington: “Whilst any number of hacking teams could mimic an attack coming from Russia, there still has to be a reason why they would want to.”
The Kremlin's assumed motivations for breaking into the DNC are clear: to ensure the defeat of Hillary Clinton, a noted adversary of Vladimir Putin, and the victory of her rival, Donald Trump, whose opinion of the Russian government has been notably higher.
“The DNC attack could have been undertaken by non-affiliated hackers, but applying Occam's Razor means that we should investigate the most likely explanation (i.e. Russian Intelligence) before looking elsewhere.”
Jeffrey Carr, CEO of Taia Global and an expert in cyber-warfare, thinks ICIT hit the nail on the head with this report. He told SC, “I believe that the US government is setting a dangerous and irresponsible precedent by blaming the Russian government based upon such a flimsy, unreliable and easily spoofed body of evidence.” Retaliation in cyberspace may not be seen as a justified response but an act of aggression, Carr added: “Putin could then legally take countermeasures against the US and we could quickly escalate from a cold war into something much more dangerous.