undefined | Better HN

0 pointssneak4y ago0 comments

It is absolutely trivial for an attacker in the US or anywhere to make their ransomware attack appear to come from Russia (to someone who doesn’t know that).

0 comments

staticassertion4y ago

I don't see how that's relevant to the incentives of foreign enemies attacking us. As I said, there are many. It basically stops being criminal activity.

Do you really think that's not the case, or that that isn't going to considerably skew where these attacks come from?

Millenialboomer4y ago

I think he's making the point that the attributions of "This came from <insert geopolitical enemy here>" are without any evidence. How exactly do you determine that a hack originated in Russia when Russian ips will not hand over their traffic to US authorities? Just because a lot of illicit web traffic originates from Israeli servers, for example, does not mean that it originated in Israel. In reality, our cyber security agencies have no idea where these guys are coming from: it COULD very well be from Russia, sure, but it could also be from your neighbor next door who vpn'd in through a chain of servers starting in france and ending in mali.

staticassertion4y ago

> I think he's making the point that the attributions of "This came from <insert geopolitical enemy here>" are without any evidence.

Badly, I guess, because no one has mentioned evidence or a lack of evidence anywhere in the thread.

> How exactly do you determine that a hack originated in Russia when Russian ips will not hand over their traffic to US authorities?

There are a lot of different ways. GEOIP is just one method. Examining the artifacts for code-reuse from other malware is another big one. Looking at the types of attacks is another ie: "this malware uses these techniques, and these are favored by groups 1,2,3".

There's a lot more to it than that, and not all of it is public. I've seen attribution done through backdoor channels that were not strictly legal.

> In reality, our cyber security agencies have no idea where these guys are coming from

No, more often than not we definitely do.

j / k navigate · click thread line to collapse

0 comments

staticassertion4y ago

I don't see how that's relevant to the incentives of foreign enemies attacking us. As I said, there are many. It basically stops being criminal activity.

Do you really think that's not the case, or that that isn't going to considerably skew where these attacks come from?

Millenialboomer4y ago

staticassertion4y ago

> I think he's making the point that the attributions of "This came from <insert geopolitical enemy here>" are without any evidence.

Badly, I guess, because no one has mentioned evidence or a lack of evidence anywhere in the thread.

> How exactly do you determine that a hack originated in Russia when Russian ips will not hand over their traffic to US authorities?

There's a lot more to it than that, and not all of it is public. I've seen attribution done through backdoor channels that were not strictly legal.

> In reality, our cyber security agencies have no idea where these guys are coming from

No, more often than not we definitely do.

j / k navigate · click thread line to collapse