Thursday, February 05, 2009

Guessing at the Source of Cyber Attacks

Here is yet another example of how difficult it is to determine both the motive and the source of cyber attacks. As with most "cyber war" attacks, it is pure speculation as to who is behind the latest activity against Kyrgyzstan, and arguments can be made for any number of sources.

The New York Times has an article discussing two different possibilities for the most recent Kyrgyzstan attacks:
  1. Russian "cyber-militias" are attacking to intimidate the Kyrgyzstan government for any number of reasons; or,
  2. Kyrgyzstan hired Russian "hackers" to attack itself in order to "crackdown on an opposition party in Kyrgyzstan that uses the Internet to organize".

This is the danger: Without better intelligence and investigative capabilities, it will be next to impossible to determine the exact source and motive. This leads to an inability to respond properly to a cyber attack or, potentially worse, to an inappropriate response.

I have been involved in numerous complex, international cyber investigations where the source and motive were determined. However, it is almost never simple and requires extensive intelligence gathering and analysis (beyond basic Internet traffic analysis). This requires time and expenses beyond what most organizations are willing to invest in. Yet doing anything less leaves only guesswork.

Also see Analyzing Goggle Attacks - Plenty of Room for Error

Are ‘Cyber-Militias’ Attacking Kyrgyzstan?
