RE: WikiLeaks Vault 7

in #cia, 7 years ago (edited)

The question to ask is: is attribution dead? Are forensic fingerprints meaningless now? Now that any attacker can disguise themselves as the CIA, and the CIA can disguise itself as a nation-state, the answer is yes - to some extent. While it is clear that the CIA (and other organizations) hide their tracks by using foreign tools and using foreign locations, they still use the methodologies for running cyber operations that are unique to their organization. For example, while the CIA may use foreign malware, their methodology for lateral movement in the network is probably unique and distinctive to them and is usually harder to change and disguise. Attribution is possible but should rely less on the identification of malware, and focus instead on the behaviors and methodologies used by the hackers. In other words, when you want to attribute an attack, look for the TTPs (tactics, techniques and procedures) that are used and always question the source of the code. ....
I hope you like my thoughts....... @joseph

Very interesting. I never thought about the aspect of fingerprints and how they may no longer have any value. You made a great point. The problem with the CIA is that they withhold knowledge from certain sectors and major corporate franchises of the attack and THEIR methodologies on how and which areas were easily penetrated. The CIA can't even prevent their systems from being hacked. The government, in my opinion, is connected to some kind of underground pool and it is all slowly coming to light.
Loved the comment and thank you for making me think of other variables @arjunanku

You are most welcome......

This also brings into question the now widely accepted theory of Russians hacking the DNC. Just saying.