Still waiting for the day a leak is attributed to the French because of the length of lunch breaks inferred from timestamps.
Now the CIA is going to claim that for national security reasons, they're going to have to hack American computers too.
So what they really need to do is make a queue system for actions like that and have them execute randomly during weekends. Would require a lot more patience and long sightedness but I don't see any other way of masking it.
A surprisingly refreshing feature.
Let's say the US uses French time zones and France uses US eastern time zones. You've discovered malware that for whatever reason has time stamps for US Eastern.
Is it really from the US or is it from France? How would you deduce such a fact? I posit it would be better to see who the malware is targeting: entities may be averse to targeting their own countries.
I know you're only using France as an example, but it's even more ridiculous when you consider that (mainland) France has one time zone (CE(S)T), which it shares with more than a dozen of other countries (central Europe + most of the western Europe + majority of Scandinavia + former Yugoslavia).
Article mostly talks about the validation that security companies got from recent leaks, when before it could only be based on update and domain registration times.
Kind of makes the US look silly with that oversight. Though even if they did fix themselves, it's not like you could change behavior on the old stuff.
I suspect it was largely accidental, though. Heck, there's been private entities I know who have ended up with tells that pinned them to timezones.
