Hacker News new | past | comments | ask | show | jobs | submit login

Maybe it’s just me, but I’m always baffled when people categorically claim that they know the source of their cyber attacks. It’s not exactly difficult for someone with the most basic knowledge of networking to disguise that information or masquerade as someone they’re not.



There is a lot more to tracking these groups than ip addresses. To impersonate any of the known groups you will need a lot of knowledge about the tools and infra that they use.


And if you have that knowledge it's impossible to imitate? Can't really tell if your comment is refuting or agreeing, attribution is hard.


Knowing that a thing is true is categorically different from knowing how to do something— Knowing that group A uses technique B doesn’t automatically make you proficient at using B yourself.

Masquerading as a particular cyber-attack group requires not only knowing what techniques and tools they tend to use, but also how to do those things yourself, while imitating their style. It’s not impossible, but neither is it trivial: We’re not talking about simply first impressions here, but fooling a concerted, post-hoc investigation.


Can you give some specific examples? What do you mean by "imitating their style"? What data would be used to "fingerprint" these groups?


I'm no "cyber security expert", but from what I can understand it can be something as simple as, what was mentioned above, tracking ip addresses to analyzing the processes leading up to and used in the attack. Whether that is how they approach the target, the tools used and/or any evidence left behind.

When a large enough amount of attacks are performed by one group you gain some insight in how they work & approach problems. Very similar to how law enforcement would be able to "fingerprint" a serial killer based on his patterns or how a professor would be able to tell you plagiarized the code for a project based on the pattern of your early assignments.

People are not immune to patterns and habits. Groups, much like people, are effectively extensions of these patterns and habits but on a grander scale. In a normal workplace this is called company "culture".


This is a great comment. Thanks.


And how these 'known' groups got attributed to a particular country in the first place?




Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: