Abstract
We define cyber attribution as a two-step process: first, the allocation of a cyber attack to a particular attacker or group of attackers; second, the unveiling of the attacker's real-world identity. While the methods of attacker allocation have made significant progress in recent years, digital evidence alone often still does not suffice to establish the real-world identity of an attacker. The situation is different if attribution is handled as a cyber-physical process, i.e. as a combination of digital forensics with evidence from the physical world. Bits and bytes are not truly virtual; they remain bound to physical infrastructure, which opens additional ways to detect adversaries. Remaining gaps can also be filled by conventional espionage. The chapter gives an overview of the current methods and practices of cyber attribution, illustrated with real-world examples.
© 2019 Springer Fachmedien Wiesbaden GmbH, a part of Springer Nature
About this chapter
Cite this chapter
Saalbach, KP. (2019). Attribution of Cyber Attacks. In: Reuter, C. (eds) Information Technology for Peace and Security. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-25652-4_13
DOI: https://doi.org/10.1007/978-3-658-25652-4_13
Publisher Name: Springer Vieweg, Wiesbaden
Print ISBN: 978-3-658-25651-7
Online ISBN: 978-3-658-25652-4
eBook Packages: Computer Science and Engineering (German Language)