Cyber attribution

In the area of computer security, cyber attribution is an attribution of cybercrime, i.e., finding who perpetrated a cyberattack. Uncovering a perpetrator may give insights into various security issues, such as infiltration methods, communication channels, etc., and may help in enacting specific countermeasures. Cyber attribution is a costly endeavor requiring considerable resources and expertise in cyber forensic analysis.^[1]^[2]

For governments and other major players dealing with cybercrime would require not only technical solutions, but legal and political ones as well, and for the latter ones cyber attribution is crucial.^[2]^: xvii

Attributing a cyberattack is difficult, and of limited interest to companies that are targeted by cyberattacks. In contrast, secret services often have a compelling interest in finding out whether a state is behind the attack.^[3] A further challenge in attribution of cyberattacks is the possibility of a false flag attack, where the actual perpetrator makes it appear that someone else caused the attack.^[3] Every stage of the attack may leave artifacts, such as entries in log files, that can be used to help determine the attacker's goals and identity.^[4] In the aftermath of an attack, investigators often begin by saving as many artifacts as they can find,^[5] and then try to determine the attacker.^[6]

[1]

[2]

[3]

[4]

[5]

[6]

Cyber attribution

See also

References

Further reading

Wikiwand - on