
The Never-Ending Game of Cyberattack Attribution

Exploring the Threats, Defenses and Research Gaps

Combatting Cybercrime and Cyberterrorism

Abstract

In this article we approach the problem of attributing a cyberattack to real-world actors, and the social context of the problem. The basic premise is that while it is socially acceptable to assign attribution of cybercrime after the act, society expects law enforcement to attribute the possibility of cyberterrorist acts to perpetrators in advance, and to disrupt them in the making. This blends the cyberattack attribution problem with the much wider problem of fighting terrorism and organized cybercrime, far beyond the limits of “cyber” understood as the fifth domain of warfare. The main contribution of the paper is identifying research gaps and attributing complexities derived from key problems such as offline criminal activity, as well as practical difficulties in researching cybercrime and cyberterrorism. To reach those conclusions, we analysed the attribution problem from the point of view of the perpetrator, using the SWOT methodology. This gave us insight into the cyberattack tactics that give the most protection against attribution and prosecution, which in turn led us to identify current research gaps.

Corresponding author

Correspondence to Piotr Kijewski.

Copyright information

© 2016 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Kijewski, P., Jaroszewski, P., Urbanowicz, J.A., Armin, J. (2016). The Never-Ending Game of Cyberattack Attribution. In: Akhgar, B., Brewster, B. (eds) Combatting Cybercrime and Cyberterrorism. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-319-38930-1_10

  • DOI: https://doi.org/10.1007/978-3-319-38930-1_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-38929-5

  • Online ISBN: 978-3-319-38930-1

  • eBook Packages: Law and Criminology (R0)
