Abstract
In this article we approach the problem of attributing a cyberattack to real-world actors, and the social context of that problem. The basic premise is that while it is socially acceptable to assign attribution of cybercrime after the act, society expects law enforcement to attribute the possibility of cyberterrorist acts to perpetrators in advance, and to disrupt them in the making. This blends the cyberattack attribution problem with the much wider problem of fighting terrorism and organized cybercrime, far beyond the limits of “cyber” understood as the fifth domain of warfare. The main contribution of the paper is identifying research gaps and attributing complexities derived from key problems such as offline criminal activity, as well as practical difficulties in researching cybercrime and cyberterrorism. To reach those conclusions, we analysed the attribution problem from the point of view of the perpetrator using the SWOT methodology. This gave us insight into the tactics of cyberattacks that give the most protection against attribution and prosecution, which in turn led us to identify current research gaps.
Copyright information
© 2016 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Kijewski, P., Jaroszewski, P., Urbanowicz, J.A., Armin, J. (2016). The Never-Ending Game of Cyberattack Attribution. In: Akhgar, B., Brewster, B. (eds) Combatting Cybercrime and Cyberterrorism. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-319-38930-1_10
DOI: https://doi.org/10.1007/978-3-319-38930-1_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-38929-5
Online ISBN: 978-3-319-38930-1
eBook Packages: Law and Criminology (R0)