Blame China? Russia? Ukraine?
Cyber attribution is hard enough already, but the use of deceptive techniques and false flag operations is liable to make matters even more difficult for incident response experts.
Jake Williams, principal consultant at Rendition Infosec and former US Department of Defense (DoD) cybersecurity expert who has taken part in offensive ops, told delegates at this year’s Black Hat Europe that conducting a false flag cyber operation is a lot easier than people tend to think.
A false flag technique doesn’t have to be perfect to be effective, Williams explained, adding that simply slowing down or increasing the cost of making a decision can be effective.
For example, western national intelligence agencies are unanimous that Russia was responsible for hacking the US Democratic National Committee (DNC) as part of an election interference campaign during the 2016 Presidential election.
A false flag operation doesn’t have to be perfect to be effective, says Jake Williams
Despite this, seeds of doubt have been sown through a conspiracy theory that Ukraine – and not Russia – was responsible for interfering with the vote that brought Donald Trump to power, reports CSO.
False flag operations are not always so successful. For example, Russia was caught red-handed trying to blame North Korean cyber group Lazarus for the 2018 Olympic Destroyer attacks in South Korea.
All of this is essentially about planting evidence in order to suggest that some other party might be responsible for some wrongdoing, Williams told The Daily Swig – a preferred method to destroying evidence of any hostile cyber acts.
During his presentation, Williams said that he expected more nation-states to get better at planting evidence, as well as improving abilities at removing their own.
He added that establishing plausible deniability can be enough to delay attribution and therefore delay or forestall retribution or even to “slow down or increase the cost of a decision”.
Cybercriminals might in time adopt these techniques, but for now they are more focused on attempting to destroy evidence through the use of so-called anti-forensics technology.
The Daily Swig will be back with more news from Black Hat Europe throughout the week
YOU MIGHT ALSO LIKE Hack that lifts limits on contactless card payments debuts at Black Hat Europe