
UK blames Russia for 'malicious' NotPetya cyber-attack - iamben
http://www.bbc.co.uk/news/uk-politics-43062113
======
teekert
Recently a wave of DDOS attacks hit the banks of the Netherlands. While the
large Bank CEOs were on the news saying this was a professional, very possibly
the Russians, Jelle M. from the small town of Oosterhout was caught and
confessed that he had spent something like 50$ on some DDOS stress testing
service. There is a very nice story on this [0], unfortunately it is in Dutch.

Yes, this is different but the ease with which the Russians are blamed seems
to be very widespread. Of course, we never get to see and investigate the
evidence.

[0] https://tweakers.net/reviews/6031/een-ddoser-betrapt-hoe-de-aanvaller-tegen-de-lamp-liep.html

~~~
HissingMachine
It's starting to become a problem, honestly.

There was a case with a local MP here who was supporting an unpopular bill, so
his website got DDOS'd and the next day he was in the media talking about how
this had to be a sophisticated attack. Basically implying that it had to be a
rogue state behind it, not mentioning Russia by name, but it was obvious,
cringy, sad and obvious.

~~~
gandhium
I'd say if Russia wasn't messing with other countries (either by hacking,
invading or trying to overthrow governments[0]) blaming something on them would
indeed be a problem.

But now they're reaping what they sow.

[0] - http://www.telegraph.co.uk/news/2017/02/18/russias-deadly-plot-overthrow-montenegros-government-assassinating/

------
chatmasta
The Mirai botnet was also attributed to "nation state actors." Turns out it
was a couple teenagers trying to make some money with Minecraft. [0]

Copy-pasting from an earlier comment of mine [1] on the Mirai/Minecraft story:

> I don’t understand why every single cyberattack is immediately blamed on
> Russia or China. It’s an intellectual embarrassment, and especially worse
> when it’s coming from experts within the community rather than politicians
> in congress.

Adding to that, equally embarrassing is the fact that the media and
governments refer to "Russia" as if it's a single, personified entity. Even if
an attack _did_ "originate" in Russia, does that mean that it was sanctioned
and planned by the Russian government? Or could it be one of the 144 million
Russian citizens acting autonomously? It really requires a leap of faith to
conclude that not only did the attack originate in Russia, but it was actually
planned by the Russian government.

Attribution of cyberattacks is hard, borderline impossible, without
non-technical corroborating evidence. For example, a SIGINT or HUMINT intercept
that reveals intent would corroborate otherwise unreliable technical
attribution. When the only evidence for attribution is Russian IP addresses
and "Cyrillic characters," it's irresponsible to go public with accusations
like this. Of course, if there _is_ corroborating intelligence pointing to
Russia, we'll never see it.

[0] https://www.wired.com/story/mirai-botnet-minecraft-scam-brought-down-the-internet/

[1] https://news.ycombinator.com/item?id=15921340

~~~
crdoconnor
> Attribution of cyberattacks is hard, borderline impossible, without
> non-technical corroborating evidence.

Intelligence agency budget increases and sky-high consultancy fees are going
to be more forthcoming when it's "a scary nation-state" behind an attack
rather than a couple of teenagers or a band of cyber-criminals.

Also, Russia, after North Korea, does seem to be everybody's favorite bogeyman
these days.

Intelligence agencies and security consultants will have to balance potential
reputation risk as well, of course (if it comes out that they were wrong it's
quite embarrassing), but if attributional evidence is weak then it pays to
pick the bogeyman.

~~~
chatmasta
Your point about consultants is an important one, and demonstrates a moral
hazard of outsourcing intelligence work.

CrowdStrike is especially guilty of this. It seems whenever there's a cyber
attack, CrowdStrike is there to attribute it to whichever bogeyman is most
convenient today.

------
otp124
> Russia has denied responsibility for the NotPetya attack - which is
> estimated to have cost companies more than $1.2bn - and pointed out that
> Russian firms were among those whose systems were affected.

Or perhaps this has become a standard OpSec playbook to provide sufficient
diplomatic cover? Not sure who to believe.

~~~
WaxProlix
Sure, it's also reasonable to think that these companies were in on it and
received compensation or hadn't signed on to an agency's agenda/paid
protection money/whatever. Plenty could have happened, we just don't know.

