Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
Foreign Affairs
Related: About this forumNon-partisan ICT thinktank on hacking techniques
(& Neo-McCarthyism - "McCarthyism is the practice of making accusations of subversion or treason without proper regard for evidence." - https://en.m.wikipedia.org/wiki/McCarthyism )
Malicious actors can easily position their breach to be attributed to Russia. Its common knowledge among even script kiddies that all one needs to do is compromise a system geolocated in Russia (ideally in a government office) and use it as a beachhead for attack so that indicators of compromise lead back to Russia. For additional operational security, use publically available whitepapers and reports to determine the tool, techniques, and procedures of a well-known nation-state sponsored advanced persistent threat (APT), access Deep Web forums such as Alphabay to acquire a malware variant or exploit kit utilized in prolific attacks, and then employ the malware in new campaigns that will inevitably be attributed to foreign intelligence operations. Want to add another layer? Compromise a Chinese system, leap-frog onto a hacked Russian machine, and then run the attack from China to Russia to any country on the globe. Want to increase geopolitical tensions, distract the global news cycle, or cause a subtle, but exploitable shift in national positions? Hack a machine in North Korea and use it to hack the aforementioned machine in China, before compromising the Russian system and launching global attacks. This process is so common and simple thats its virtually Script Kiddie 101 among malicious cyber upstarts.
***
Incident Response techniques and processes are not comprehensive or holistic enough to definitively attribute an incident to a specific threat actor from the multitude of script kiddies, hacktivists, lone-wolf threat actors, cyber-criminals, cyber-jihadists, hail-mary threats, and nation-state sponsored advanced persistent threats (APTs), who all possess the means, motive, and opportunity, to attack minimally secured, high profile targets.
***
Attribution might be reliable if the target is well-protected, if the target operates in a niche field, or if the malware involved in the incident is unique because one or more of those characteristics can be deterministic of the sophistication and resources of the threat actor. Attribution is less exact in the case of the DNC breach because the mail servers compromised were not well-secured; the organization of a few hundred personnel did not practice proper cyber-hygiene; the DNC has a global reputation and is a valuable target to script kiddies, hacktivists, lone-wolf cyber-threat actors, cyber-criminals, cyber-jihadists, hail-mary threats, and nation-state sponsored advanced persistent threats (APTs); and because the malware discovered on DNC systems were well-known, publicly disclosed, and variants could be purchased on Deep Web markets and forums.
***
Both APT28 and APT29 are well-known sophisticated threat actors that have been extensively profiled by cybersecurity firms such as FireEye. As a result, their profiles, operational behavior, tools, and malware could all be easily emulated by even an unsophisticated adversary in a campaign against an insecure target such as the DNC, that did not prioritize cybersecurity, cyber-hygiene, or system cyber resiliency. For instance, the cyber-criminal group Patchwork Elephant, known for adopting malware from other campaigns, could easily have also conducted the DNC/ RNC attacks by emulating APT28 and APT29...
http://icitech.org/its-the-russians-or-is-it-cold-war-rhetoric-in-the-digital-age/
About icitech.org: http://icitech.org/mission-values/
InfoView thread info, including edit history
TrashPut this thread in your Trash Can (My DU » Trash Can)
BookmarkAdd this thread to your Bookmarks (My DU » Bookmarks)
3 replies, 1221 views
ShareGet links to this post and/or share on social media
AlertAlert this post for a rule violation
PowersThere are no powers you can use on this post
EditCannot edit other people's posts
ReplyReply to this post
EditCannot edit other people's posts
Rec (1)
ReplyReply to this post
3 replies
= new reply since forum marked as read
Highlight:
NoneDon't highlight anything
5 newestHighlight 5 most recent replies
Non-partisan ICT thinktank on hacking techniques (Original Post)
Ghost Dog
Dec 2016
OP
Nitram
(22,776 posts)1. This is a very credible source.
Ghost Dog
(16,881 posts)2. Indeed. Thanks, at least, DU, for not supressing
such informed, intelligent analysis.
Ghost Dog
(16,881 posts)3. But, Noticeably, the contemporary submissive local hive-mind prefers
to be like:
... To be continued... Gracias.