U.S. Cyber Agencies Mum on How They Try to Identify Cyber Attackers
Jill R. Aitoro writes on NextGov.com:
Members of a Senate subcommittee on Tuesday asked criminal and security agency officials responsible for securing the nation's most sensitive computer systems and networks how they identify who is behind a specific cyberattack, despite the difficulty in doing so.More here.
Tracing cyberattacks back to a specific source can be a difficult process because attacks can be routed through numerous computer networks worldwide, making it nearly impossible to identify the computer network where the attack started. Cyberattacks that took down government Web sites in South Korea and the United States in July, for example, initially were attributed to North Korea, but no hard evidence has emerged identifying systems there as the origin of the disruption.
"When you're in a situation where you don't know if it's a hacker, foreign government, terrorist or criminal group, how do you proceed?" Sen. Ted Kaufman, D-Del., asked witnesses from the Justice and Homeland Security departments and the FBI during a hearing before the subcommittee on Terrorism and Homeland Security.
James Baker, associate deputy attorney general at Justice, said his department turns to its criminal division, which investigates and prosecutes cyber criminals, and to its national security division, which investigates, prosecutes and attempts to stop cyber activities of nation-states and terrorists that pose a threat to U.S. security.