Cyber attacks and cyber warfare are more common than they have ever been, largely because the whole world now depends so heavily on cyberspace. One interesting aspect of this is how easy it can be to make it appear that one country has launched a cyber attack on another. While not as identifiable as a fingerprint, certain characteristics and techniques tend to be associated with particular countries.
There have been several instances of countries being blamed for cyber attacks because the attacks showed characteristics typical of them. But this raises the question: was it actually that country, or an unknown party working to direct blame onto it? One example is the breach of the Office of Personnel Management, which involved a massive exfiltration of data: the records of 21.5 million United States citizens, 6 million fingerprints, and data collected from Standard Form 86, which holds information on anyone who has undergone a background check for federal employment. This breach was attributed to attackers connected to the Chinese government, and the stolen data could be used for manipulation or exploitation. But was it established conclusively that China carried out the breach, or was that simply assumed from the characteristics of the attack?
How a Deception of Source Could Be Accomplished
Misdirecting the apparent source of an attack could be done quite simply. For instance, a foreign group could employ a particular type of malware in an attack, such as "Sandworm," which the author describes as malware typically associated with a Russian group, and thereby make it appear that Russia launched the attack. On discovering Sandworm in the attack, the victim would attribute it to Russia, which could raise tensions between the countries or even prompt retaliation. All of this could arise from an entirely separate group instigating the situation simply by choosing a specific type of malware.
The reality is that when attacks are easily traced to large-scale hackers, groups, or nation-states, something does not quite add up. Experienced hackers and groups tend to be very adept at exploitation, and are generally intelligent and skilled enough not to leave the kind of footprints that lead back to them. An adept hacker reached that level for a reason, and it was certainly not by leaving a trail of breadcrumbs back to their location. Attacks that are quickly found to originate from a particular location are suspicious purely because the trail was discovered with such haste. One would expect nation-states to employ skilled operators who do not make these kinds of mistakes.
The idea of a deceptive cyber attack is not new, and has been noted by several people in the industry. When asked about the potential for a hacker to stage a deceptive attack, Brook Zimmatore, CEO of Massive Alliance, stated, "The potential for this type of circumstance is real, and it cannot be disregarded. When an attack or breach is not vetted meticulously, it may seem to be from a particular source, but when carefully reviewed, simple details could display that it was only made to appear this way." The devil is in the details, and there can be small giveaways that an attack is being framed on a certain country.
This redirection of an attack's apparent source has played out in several areas. For example, there have been multiple instances of cyber attacks of varying severity being attributed to different branches of the collective "Anonymous." Yet many indicators suggested that the actual group had nothing to do with the attacks, and that someone was simply claiming a connection to them. Certain Anonymous branches are usually quite open about announcing their achievements on social media, but there have been times when an attack was attributed to them and nothing about it was posted through their official social media accounts. This is a major danger of the cyber world: the apparent source of an attack can be redirected so easily that even skilled intelligence analysts may be fooled by its apparent validity.