US unmasks Russian hackers faster than ever

“I will note that the speed at which we made this attribution is very unusual,” Neuberger said. “We did this because of the need to quickly report behavior as part of holding nations accountable when they engage in disruptive or destabilizing cyber activities.”

This new policy has its roots in what happened after the 2016 US elections. Gavin Wilde, formerly a senior National Security Council official with a focus on Russia, helped author the milestone Intelligence Community Assessment that detailed Moscow’s campaigns of hacking and disinformation aimed at influencing the election. It took a tremendous effort, supported by Director of National Intelligence James Clapper and encouraged by President Obama himself, to start the process of bringing all relevant U.S. intelligence agencies into the same room and sharing information across a wide range of classification levels.

But the assessment and attribution of those cyber campaigns weren’t made public until 2017, months after the US election came and went.

“There was a sense of helplessness [among US intelligence]. Obviously, the American public is the target audience for the Russians,” Wilde told MIT Technology Review.

Despite its late arrival, the assessment was an impressive feat compared to anything that had been done before.

“However, there was still a sense of failure that we couldn’t neutralize these activities before the narratives were well-seeded by the Russians and reinforced by people in key positions,” Wilde says.

Long way

Hacking was an important aspect of global politics for decades before public attributions were seriously considered. It took a groundbreaking cybersecurity report from a private sector firm to make waves, get on the front page of the New York Times, and change the way the world thinks about unmasking hackers.

The 2013 report on Chinese hackers known as APT1, by the American cybersecurity firm Mandiant, was the first to publicly designate a nation-state. The public accusation came after the group had been hacking for a full decade, beginning in 2002.

When the APT1 report was released, the document was detailed enough to single out the Chinese People’s Liberation Army cyber-espionage group known as Unit 61398. A year later, the U.S. Department of Justice effectively supported the report when it brought charges against five officers from the unit, who are accused of hacking and stealing the intellectual property of American companies.

“The APT1 report fundamentally changed the benefit-risk calculus of attackers,” says Timo Steffens, a German cyberespionage researcher and author of Attribution of Advanced Persistent Threats.

“Before this report, cyber operations were seen as almost risk-free tools,” he says. “The report not only generated hypotheses, but clearly and transparently documented analysis methods and data sources. It was clear that this was not a one-time lucky find, but it was clear that the tradecraft could be applied to other operations and attacks as well.”

The implications of the headline-making report were far-reaching. A wave of similar attributions followed, with the United States accusing China of systematic mass theft, which put cybersecurity at the center of Chinese president Xi Jinping’s 2015 visit to the United States.

“Before the APT1 report, the attribution was the elephant in the room that no one dared to mention,” Steffens says. “I think it’s not just a technical breakthrough, it’s also a bold achievement from the authors and their directors to take the final step and make the results public.”

It is this last step that is missing, as intelligence officers are now very technically savvy. To attribute a cyberattack, intelligence analysts look at a range of data such as the malware used by hackers, the infrastructure or computers they set up to carry out the attack, intelligence and compromised communications, and the question of who stands to win: a geopolitical analysis of the strategic motivation behind the attacks.

The more data there is, the easier attribution becomes as patterns emerge. Even the world’s best hackers make mistakes, leave clues behind, and reuse old tools that help expose them. There is an ongoing arms race between analysts who find new ways to unmask hackers and hackers who aim to cover their tracks.

But the speed with which the Russian attack was attributed showed that previous delays in naming names were not simply due to a lack of data or evidence. It was politics.

“It’s a matter of political will,” says Wilde, who worked in the White House until 2019. “For that, you need committed leadership at all levels. [Anne Neuberger] It made me believe there was someone who could move mountains and eliminate bureaucracy when needed to signal a conclusion. Here is that person.”

Wilde argues that Russia’s invasion of Ukraine and the risk of losing hundreds of thousands of lives forced the White House to act more quickly.

“Management seems to understand that the best defense to thwart these narratives is a good preemptive offense, to preempt them and infuse them with international audiences, whether it be cyber attacks or false flags and false excuses,” Wilde says.

Public attribution can have a very real impact on an adversary’s cyber strategy. It can signal that they are being watched and understood, and it can impose costs when operations are uncovered and tools must be burned to start over. It can also trigger political actions, such as sanctions that go after the bank accounts of those responsible.

Wilde argues it’s a public sign that the government is keeping a close eye on malicious cyber activity and working to counter it, in ways the public can read about in indictments or intelligence reports.

“It creates a credibility gap, especially between the Russians and the Chinese. They can hide whatever they want, but the US government puts it all out for public consumption by forensic accounting of their time and effort.”
